U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:home:*:x64:*
  • CPE Name Search: true
There are 937 matching records.
Displaying matches 141 through 160.
Vuln ID Summary CVSS Severity
CVE-2013-1252

Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.

Published: February 13, 2013; 7:04:12 AM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2013-1251

Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.

Published: February 13, 2013; 7:04:12 AM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2013-1250

Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.

Published: February 13, 2013; 7:04:12 AM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2013-1249

Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.

Published: February 13, 2013; 7:04:12 AM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2013-1248

Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.

Published: February 13, 2013; 7:04:12 AM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2013-0077

Quartz.dll in DirectShow in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via crafted media content in (1) a media file, (2) a media stream, or (3) a Microsoft Office document, aka "Media Decompression Vulnerability."

Published: February 13, 2013; 7:04:12 AM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2013-0073

The Windows Forms (aka WinForms) component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict the privileges of a callback function during object creation, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "WinForms Callback Elevation Vulnerability."

Published: February 13, 2013; 7:04:12 AM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2013-0030

The Vector Markup Language (VML) implementation in Microsoft Internet Explorer 6 through 10 does not properly allocate buffers, which allows remote attackers to execute arbitrary code via a crafted web site, aka "VML Memory Corruption Vulnerability."

Published: February 13, 2013; 7:04:12 AM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2013-0029

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CHTML Use After Free Vulnerability."

Published: February 13, 2013; 7:04:12 AM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2013-0024

Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer pasteHTML Use After Free Vulnerability."

Published: February 13, 2013; 7:04:11 AM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2013-0019

Use-after-free vulnerability in Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer COmWindowProxy Use After Free Vulnerability."

Published: February 13, 2013; 7:04:11 AM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2013-0007

Microsoft XML Core Services (aka MSXML) 4.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML XSLT Vulnerability."

Published: January 09, 2013; 1:09:40 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2013-0006

Microsoft XML Core Services (aka MSXML) 3.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML Integer Truncation Vulnerability."

Published: January 09, 2013; 1:09:40 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2013-0005

The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service (resource consumption and daemon restart) via crafted values in HTTP requests, aka "Replace Denial of Service Vulnerability."

Published: January 09, 2013; 1:09:40 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2013-0004

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate the permissions of objects in memory, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Double Construction Vulnerability."

Published: January 09, 2013; 1:09:40 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2013-0003

Buffer overflow in a System.DirectoryServices.Protocols (S.DS.P) namespace method in Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a missing array-size check during a memory copy operation, aka "S.DS.P Buffer Overflow Vulnerability."

Published: January 09, 2013; 1:09:40 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2013-0002

Buffer overflow in the Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages improper counting of objects during a memory copy operation, aka "WinForms Buffer Overflow Vulnerability."

Published: January 09, 2013; 1:09:39 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2013-0001

The Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 4, and 4.5 does not properly initialize memory arrays, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a pointer to an unmanaged memory location, aka "System Drawing Information Disclosure Vulnerability."

Published: January 09, 2013; 1:09:37 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2012-4792

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012.

Published: December 30, 2012; 1:55:01 PM -0500
V4.0:(not available)
V3.1: 8.8 HIGH
V2.0: 9.3 HIGH
CVE-2012-4786

The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a crafted TrueType Font (TTF) file, aka "TrueType Font Parsing Vulnerability."

Published: December 11, 2012; 7:55:01 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 10.0 HIGH