This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Microsoft First view 2006-12-21
Product Windows Vista Last view 2020-02-20
Version Type
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:* 470
cpe:2.3:o:microsoft:windows_vista:*:sp2:x64:*:*:*:*:* 324
cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:* 243
cpe:2.3:o:microsoft:windows_vista:*:sp1:x64:*:*:*:*:* 219
cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:* 190
cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:* 127
cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:* 101
cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:* 86
cpe:2.3:o:microsoft:windows_vista:-:-:x64:*:*:*:*:* 20
cpe:2.3:o:microsoft:windows_vista:gold:*:*:*:*:*:*:* 14
cpe:2.3:o:microsoft:windows_vista:-:*:*:*:*:*:*:* 13
cpe:2.3:o:microsoft:windows_vista:*:gold:*:*:*:*:*:* 11
cpe:2.3:o:microsoft:windows_vista:sp1:*:*:*:*:*:*:* 8
cpe:2.3:o:microsoft:windows_vista:*:gold:x64:*:*:*:*:* 8
cpe:2.3:o:microsoft:windows_vista:*:*:enterprise:*:*:*:*:* 7
cpe:2.3:o:microsoft:windows_vista:*:*:ultimate:*:*:*:*:* 6
cpe:2.3:o:microsoft:windows_vista:*:*:home_premium:*:*:*:*:* 5
cpe:2.3:o:microsoft:windows_vista:*:*:home_basic:*:*:*:*:* 5
cpe:2.3:o:microsoft:windows_vista:sp2:*:*:*:*:*:*:* 4
cpe:2.3:o:microsoft:windows_vista:*:*:business:*:*:*:*:* 4
cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:x64:* 4
cpe:2.3:o:microsoft:windows_vista:*:beta1:*:*:*:*:*:* 3
cpe:2.3:o:microsoft:windows_vista:-:*:*:*:*:*:x64:* 3
cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:x64:* 3
cpe:2.3:o:microsoft:windows_vista:*:*:32_bit:*:*:*:*:* 2
cpe:2.3:o:microsoft:windows_vista:*:beta2:*:*:*:*:*:* 2
cpe:2.3:o:microsoft:windows_vista:*:beta:*:*:*:*:*:* 2
cpe:2.3:o:microsoft:windows_vista:*:*:starter:*:*:*:*:* 2
cpe:2.3:o:microsoft:windows_vista:*:*:x64-business:*:*:*:*:* 2
cpe:2.3:o:microsoft:windows_vista:-:sp1:x64:*:*:*:*:* 2
cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:x64:* 2
cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:x64:* 2
cpe:2.3:o:microsoft:windows_vista:*:*:x86:*:*:*:*:* 1
cpe:2.3:o:microsoft:windows_vista:*:*:december_ctp:*:*:*:*:* 1
cpe:2.3:o:microsoft:windows_vista:*:december_ctp:*:*:*:*:*:* 1
cpe:2.3:o:microsoft:windows_vista:*:*:x64-home_basic:*:*:*:*:* 1
cpe:2.3:o:microsoft:windows_vista:*:sp2:x86:*:*:*:*:* 1
cpe:2.3:o:microsoft:windows_vista:-:*:x64:*:*:*:*:* 1
cpe:2.3:o:microsoft:windows_vista:-:*:home_basic:*:*:*:*:* 1
cpe:2.3:o:microsoft:windows_vista:-:*:home_premium:*:*:*:*:* 1
cpe:2.3:o:microsoft:windows_vista:-:*:ultimate:*:*:*:*:* 1
cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:x86:* 1
cpe:2.3:o:microsoft:windows_vista:*:*:*:*:business:*:*:* 1
cpe:2.3:o:microsoft:windows_vista:*:*:*:*:december_ctp:*:*:* 1
cpe:2.3:o:microsoft:windows_vista:*:*:*:*:enterprise:*:*:* 1
cpe:2.3:o:microsoft:windows_vista:*:*:*:*:home_basic:*:*:* 1
cpe:2.3:o:microsoft:windows_vista:*:*:*:*:home_premium:*:*:* 1
cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:x64:* 1
cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:x86:* 1

Related : CVE

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
7.5 2020-02-20 CVE-2012-5364

The IPv6 implementation in Microsoft Windows 7 and earlier allows remote attackers to cause a denial of service via a flood of ICMPv6 Router Advertisement packets containing multiple Routing entries.

7.5 2020-02-20 CVE-2012-5362

The IPv6 implementation in Microsoft Windows 7 and earlier allows remote attackers to cause a denial of service via a flood of ICMPv6 Neighbor Solicitation messages, a different vulnerability than CVE-2010-4669.

9.8 2019-05-16 CVE-2019-0708

A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.

5.5 2018-02-26 CVE-2018-7250

An issue was discovered in secdrv.sys as shipped in Microsoft Windows Vista, Windows 7, Windows 8, and Windows 8.1 before KB3086255, and as shipped in Macrovision SafeDisc. An uninitialized kernel pool allocation in IOCTL 0xCA002813 allows a local unprivileged attacker to leak 16 bits of uninitialized kernel PagedPool data.

7 2018-02-26 CVE-2018-7249

An issue was discovered in secdrv.sys as shipped in Microsoft Windows Vista, Windows 7, Windows 8, and Windows 8.1 before KB3086255, and as shipped in Macrovision SafeDisc. Two carefully timed calls to IOCTL 0xCA002813 can cause a race condition that leads to a use-after-free. When exploited, an unprivileged attacker can run arbitrary code in the kernel.

7.8 2017-04-12 CVE-2017-0199

Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API."

4.3 2017-04-12 CVE-2017-0192

The Adobe Type Manager Font Driver (ATMFD.dll) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold , 1511, 1607, and 1703 allows an attacker to gain sensitive information via a specially crafted document or an untrusted website, aka "ATMFD.dll Information Disclosure Vulnerability."

8.1 2017-04-12 CVE-2017-0166

An elevation of privilege vulnerability exists in Windows when LDAP request buffer lengths are improperly calculated. In a remote attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to send malicious traffic to a Domain Controller, aka "LDAP Elevation of Privilege Vulnerability."

7.5 2017-04-12 CVE-2017-0158

An elevation of privilege vulnerability exists when Microsoft Windows running on Windows 10, Windows 10 1511, Windows 8.1 Windows RT 8.1, and Windows Server 2012 R2 fails to properly sanitize handles in memory, aka "Scripting Engine Memory Corruption Vulnerability."

7 2017-04-12 CVE-2017-0155

The Graphics component in the kernel in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1 allows local users to gain privileges via a crafted application, aka "Windows Graphics Elevation of Privilege Vulnerability."

4.7 2017-04-12 CVE-2017-0058

A Win32k information disclosure vulnerability exists in Microsoft Windows when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system, aka "Win32k Information Disclosure Vulnerability."

4.3 2017-03-16 CVE-2017-0128

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, and CVE-2017-0127.

4.3 2017-03-16 CVE-2017-0127

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, and CVE-2017-0128.

4.3 2017-03-16 CVE-2017-0126

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0127, and CVE-2017-0128.

4.3 2017-03-16 CVE-2017-0125

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.

4.3 2017-03-16 CVE-2017-0124

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.

4.3 2017-03-16 CVE-2017-0123

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.

4.3 2017-03-16 CVE-2017-0122

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.

4.3 2017-03-16 CVE-2017-0121

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.

4.3 2017-03-16 CVE-2017-0120

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Windows Uniscribe Information Disclosure Vulnerability."

4.3 2017-03-16 CVE-2017-0119

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.

4.3 2017-03-16 CVE-2017-0118

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.

4.3 2017-03-16 CVE-2017-0117

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.

4.3 2017-03-16 CVE-2017-0116

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.

4.3 2017-03-16 CVE-2017-0115

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.

CWE : Common Weakness Enumeration

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
%idName
19% (147) CWE-264 Permissions, Privileges, and Access Controls
14% (110) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
14% (109) CWE-20 Improper Input Validation
11% (84) CWE-200 Information Exposure
10% (78) CWE-94 Failure to Control Generation of Code ('Code Injection')
9% (75) CWE-399 Resource Management Errors
5% (44) CWE-362 Race Condition
3% (26) CWE-189 Numeric Errors
1% (13) CWE-284 Access Control (Authorization) Issues
1% (10) CWE-416 Use After Free
1% (10) CWE-19 Data Handling
0% (6) CWE-310 Cryptographic Issues
0% (6) CWE-287 Improper Authentication
0% (6) CWE-254 Security Features
0% (5) CWE-255 Credentials Management
0% (4) CWE-426 Untrusted Search Path
0% (4) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
0% (3) CWE-476 NULL Pointer Dereference
0% (3) CWE-190 Integer Overflow or Wraparound
0% (2) CWE-415 Double Free
0% (2) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
0% (2) CWE-352 Cross-Site Request Forgery (CSRF)
0% (2) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
0% (2) CWE-16 Configuration
0% (1) CWE-134 Uncontrolled Format String

CAPEC : Common Attack Pattern Enumeration & Classification

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Name
CAPEC-2 Inducing Account Lockout
CAPEC-3 Using Leading 'Ghost' Character Sequences to Bypass Input Filters
CAPEC-7 Blind SQL Injection
CAPEC-8 Buffer Overflow in an API Call
CAPEC-9 Buffer Overflow in Local Command-Line Utilities
CAPEC-10 Buffer Overflow via Environment Variables
CAPEC-13 Subverting Environment Variable Values
CAPEC-14 Client-side Injection-induced Buffer Overflow
CAPEC-18 Embedding Scripts in Nonscript Elements
CAPEC-22 Exploiting Trust in Client (aka Make the Client Invisible)
CAPEC-24 Filter Failure through Buffer Overflow
CAPEC-26 Leveraging Race Conditions
CAPEC-28 Fuzzing
CAPEC-29 Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
CAPEC-31 Accessing/Intercepting/Modifying HTTP Cookies
CAPEC-32 Embedding Scripts in HTTP Query Strings
CAPEC-42 MIME Conversion
CAPEC-43 Exploiting Multiple Input Interpretation Layers
CAPEC-45 Buffer Overflow via Symbolic Links
CAPEC-46 Overflow Variables and Tags
CAPEC-47 Buffer Overflow via Parameter Expansion
CAPEC-52 Embedding NULL Bytes
CAPEC-53 Postfix, Null Terminate, and Backslash
CAPEC-59 Session Credential Falsification through Prediction
CAPEC-63 Simple Script Injection

Oval Markup Language : Definitions

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
OvalID Name
oval:org.mitre.oval:def:1816 MsgBox (CSRSS) Remote Code Execution Vulnerability
oval:org.mitre.oval:def:5489 Speech API Vulnerability
oval:org.mitre.oval:def:1861 Windows Mail UNC Navigation Request Remote Code Execution Vulnerability
oval:org.mitre.oval:def:1854 Windows Animated Cursor Remote Code Execution Vulnerability
oval:org.mitre.oval:def:1923 EMF Elevation of Privilege Vulnerability
oval:org.mitre.oval:def:1927 GDI Incorrect Parameter Local Elevation of Privilege Vulnerability
oval:org.mitre.oval:def:1524 CSRSS Local Elevation of Privilege Vulnerability
oval:org.mitre.oval:def:6041 Race Condition Cross-Domain Information Disclosure Vulnerability
oval:org.mitre.oval:def:1529 Windows Vista Information Disclosure Vulnerability
oval:org.mitre.oval:def:1884 Windows Vista Firewall Blocking Rule Information Disclosure Vulnerability
oval:org.mitre.oval:def:2115 Vulnerability in Contacts Gadget.
oval:org.mitre.oval:def:2152 Vulnerability in Feed Headline Gadget.
oval:org.mitre.oval:def:2071 Vulnerability in Weather Gadget.
oval:org.mitre.oval:def:2310 Vulnerability in RPC Could Allow Denial of Service
oval:org.mitre.oval:def:3912 Vulnerability in Windows Kernel Could Allow Elevation of Privilege
oval:org.mitre.oval:def:4208 Vulnerability in SMBv2 Could Allow Remote Code Execution
oval:org.mitre.oval:def:5370 Windows Kernel TCP/IP/IGMPv3 and MLDv2 Vulnerability
oval:org.mitre.oval:def:5240 Windows Kernel TCP/IP Vulnerability
oval:org.mitre.oval:def:5314 DNS Spoofing Attack Vulnerability
oval:org.mitre.oval:def:5441 GDI Heap Overflow Vulnerability
oval:org.mitre.oval:def:5437 Windows Kernel Vulnerability
oval:org.mitre.oval:def:5580 GDI stack Overflow Vulnerability
oval:org.mitre.oval:def:5891 Microsoft Distributed Transaction Coordinator Service Isolation Vulnerability
oval:org.mitre.oval:def:5604 PGM Malformed Fragment Vulnerability
oval:org.mitre.oval:def:4730 Bluetooth Vulnerability

SAINT Exploits

Description Link
Internet Explorer iepeers.dll use-after-free vulnerability More info here
Internet Explorer WinINet credential reflection vulnerability More info here
Microsoft Office ClickOnce Unsafe Execution More info here
Microsoft Remote Desktop Connection Insecure Library Injection More info here
Microsoft Windows Movie Maker IsValidWMToolsStream buffer overflow More info here
Microsoft Office Art Property Table Memory Corruption More info here
Visual Studio Active Template Library object type mismatch vulnerability More info here
Windows Animated Cursor Header buffer overflow More info here
Windows GDI EMF filename buffer overflow More info here
Windows Media MIDI Invalid Channel More info here
Windows search-ms protocol handler command execution vulnerability More info here
Windows Server Service buffer overflow MS08-067 More info here
Windows Shell LNK file CONTROL item command execution More info here
Windows SMB2 buffer overflow More info here
Windows SMB credential reflection vulnerability More info here
Windows Telnet credential reflection More info here
Windows Thumbnail View CreateSizedDIBSECTION buffer overflow More info here
Microsoft Windows Media Player DVR-MS File Code Execution More info here
Windows Crafted Theme File Handling Vulnerability More info here
Windows OLE Package Manager CPackage::DoVerb() INF File Download Vulnerability More info here
Windows OLE Automation Array command execution More info here
Windows Media Center command execution More info here
Microsoft Word and WordPad RTF HTA handler command execution More info here

Open Source Vulnerability Database (OSVDB)

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
78211 Microsoft Windows Line21 DirectShow Filter Media File Handling Remote Code Ex...
78210 Microsoft Windows Multimedia Library (winmm.dll) MIDI File Handling Remote Co...
78209 Microsoft Windows Ntdll.dll Structured Exception Handling Tables Loading Safe...
78207 Microsoft Windows Embedded ClickOnce Application Office File Handling Remote ...
78206 Microsoft Windows Client/Server Run-time Subsystem (CSRSS) Unicode Character ...
78057 Microsoft .NET Framework ASP.NET Hash Collision Web Form Post Parsing Remote DoS
78056 Microsoft .NET Framework Forms Authentication Sliding Expiry Cached Content P...
78055 Microsoft .NET Framework ASP.NET Username Parsing Authentication Bypass
78054 Microsoft .NET Framework Forms Authentication Return URL Handling Arbitrary S...
77908 Microsoft Windows win32k.sys Safari IFRAME Height Attribute Handling Remote M...
77667 Microsoft Windows Active Directory Query Parsing Remote Overflow
77662 Microsoft Windows CSRSS Device Event Message Parsing Local Privilege Escalation
77660 Microsoft Windows Media Player / Center DVR-MS File Handling Remote Memory Co...
76902 Microsoft Windows Active Directory LDAPS CRL Handling Weakness Authentication...
76901 Microsoft Windows Mail / Windows Meeting Space Path Subversion Arbitrary DLL ...
76899 Microsoft Windows TCP/IP Reference Counter Crafted UDP Packet Stream Remote O...
76843 Microsoft Windows Win32k TrueType Font Handling Privilege Escalation
76231 Microsoft Windows Active Accessibility Path Subversion Arbitrary DLL Injectio...
76221 Microsoft Windows win32k.sys Driver Use-after-free Driver Object Handling Arb...
76220 Microsoft Windows win32k.sys Driver .fon Font File Handling Overflow
76219 Microsoft Windows win32k.sys Driver Type Translation TrueType Font File Handl...
76218 Microsoft Windows win32k.sys Driver NULL Dereference Unspecified Arbitrary Co...
76205 Microsoft Windows Media Center Path Subversion Arbitrary DLL Injection Code E...
75382 Microsoft Windows Shell Extensions Path Subversion Arbitrary DLL Injection Co...
74482 Microsoft Windows TCP/IP Stack (Tcpip.sys) ICMP Message Parsing Remote DoS

ExploitDB Exploits

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
35236 MS14-064 Microsoft Windows OLE Package Manager Code Execution
35235 MS14-064 Microsoft Windows OLE Package Manager Code Execution Through Python
35230 Internet Explorer < 11 - OLE Automation Array Remote Code Execution (MSF)
35229 Internet Explorer <11 - OLE Automation Array Remote Code Execution
35216 MS Office 2007 and 2010 - OLE Arbitrary Command Execution
35101 Windows TrackPopupMenu Win32k NULL Pointer Dereference
35055 Windows OLE - Remote Code Execution "Sandworm" Exploit (MS14-060)
35020 MS14-060 Microsoft Windows OLE Package Manager Code Execution
35019 Windows OLE Package Manager SandWorm Exploit
33213 Windows NTUserMessageCall Win32k Kernel Pool Overflow (Schlamperei)
30397 Windows Kernel win32k.sys - Integer Overflow (MS13-101)
30011 Microsoft Tagged Image File Format (TIFF) Integer Overflow
29813 Microsoft Windows Vista ARP Table Entries Denial of Service Vulnerability
27050 DirectShow Arbitrary Memory Overwrite Vulnerability (MS13-056)
26554 Windows EPATHOBJ::pprFlattenRec Local Privilege Escalation
24485 MS13-005 HWND_BROADCAST PoC
19037 MS12-005 Microsoft Office ClickOnce Unsafe Object Package Handling Vulnerability
18426 MS12-004 midiOutPlayNextPolyEvent Heap Overflow
18372 Microsoft Windows Assembly Execution Vulnerability MS12-005
18024 MS11-077 Win32k Null Pointer De-reference Vulnerability POC
17978 MS11-077 .fon Kernel-Mode Buffer Overrun PoC
17659 MS10-026 Microsoft MPEG Layer-3 Audio Stack Based Overflow
17544 GDI+ CreateDashedPath Integer overflow in gdiplus.dll
16590 Internet Explorer DHTML Behaviors Use After Free
15985 MS10-073: Win32k Keyboard Layout Vulnerability

OpenVAS Exploits

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2013-07-09 Name : Microsoft Remote Desktop Protocol Remote Code Execution Vulnerabilities (2671...
File : nvt/secpod_ms12-020_remote.nasl
2012-12-12 Name : Microsoft Windows Kernel-Mode Drivers Remote Code Execution Vulnerabilities (...
File : nvt/secpod_ms12-078.nasl
2012-12-12 Name : Microsoft Windows File Handling Component Remote Code Execution Vulnerability...
File : nvt/secpod_ms12-081.nasl
2012-11-14 Name : Microsoft Windows Shell Remote Code Execution Vulnerabilities (2727528)
File : nvt/secpod_ms12-072.nasl
2012-11-14 Name : Microsoft Windows Kernel-Mode Drivers Remote Code Execution Vulnerabilities (...
File : nvt/secpod_ms12-075.nasl
2012-10-10 Name : Microsoft Windows Kernel Privilege Elevation Vulnerability (2724197)
File : nvt/secpod_ms12-068.nasl
2012-09-28 Name : Google Chrome Windows Kernel Memory Corruption Vulnerability
File : nvt/gb_google_chrome_mem_crptn_vuln_win.nasl
2012-08-15 Name : Microsoft Windows Networking Components Remote Code Execution Vulnerabilities...
File : nvt/secpod_ms12-054.nasl
2012-08-15 Name : Microsoft Windows Kernel-Mode Drivers Privilege Elevation Vulnerability (2731...
File : nvt/secpod_ms12-055.nasl
2012-07-11 Name : Microsoft Windows Kernel-Mode Drivers Privilege Elevation Vulnerabilities (27...
File : nvt/secpod_ms12-047.nasl
2012-07-11 Name : Microsoft Windows Shell Remote Code Execution Vulnerability (2691442)
File : nvt/secpod_ms12-048.nasl
2012-07-11 Name : Microsoft Windows TLS Protocol Information Disclosure Vulnerability (2655992)
File : nvt/secpod_ms12-049.nasl
2012-06-13 Name : Microsoft Remote Desktop Protocol Remote Code Execution Vulnerability (2685939)
File : nvt/secpod_ms12-036.nasl
2012-06-13 Name : Microsoft Lync Remote Code Execution Vulnerabilities (2707956)
File : nvt/secpod_ms12-039.nasl
2012-06-13 Name : Windows Kernel-Mode Drivers Privilege Elevation Vulnerabilities (2709162)
File : nvt/secpod_ms12-041.nasl
2012-05-14 Name : Microsoft Silverlight Code Execution Vulnerabilities - 2681578 (Mac OS X)
File : nvt/secpod_ms12-034_macosx.nasl
2012-05-09 Name : Microsoft Windows TCP/IP Privilege Elevation Vulnerabilities (2688338)
File : nvt/secpod_ms12-032.nasl
2012-05-09 Name : Microsoft Windows Prtition Manager Privilege Elevation Vulnerability (2690533)
File : nvt/secpod_ms12-033.nasl
2012-05-09 Name : MS Security Update For Microsoft Office, .NET Framework, and Silverlight (268...
File : nvt/secpod_ms12-034.nasl
2012-04-11 Name : Windows Authenticode Signature Remote Code Execution Vulnerability (2653956)
File : nvt/secpod_ms12-024.nasl
2012-03-14 Name : Windows Kernel-Mode Drivers Privilege Elevation Vulnerability (2641653)
File : nvt/secpod_ms12-018.nasl
2012-03-14 Name : Microsoft Windows DirectWrite Denial of Service Vulnerability (2665364)
File : nvt/secpod_ms12-019.nasl
2012-03-14 Name : Microsoft Remote Desktop Protocol Remote Code Execution Vulnerabilities (2671...
File : nvt/secpod_ms12-020.nasl
2012-03-06 Name : Microsoft SMB Transaction Parsing Remote Code Execution Vulnerability
File : nvt/secpod_ms11-020_remote.nasl
2012-02-29 Name : MicroSoft SMB Server Trans2 Request Remote Code Execution Vulnerability
File : nvt/secpod_ms10-054_remote.nasl

Information Assurance Vulnerability Management (IAVM)

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2015-B-0112 Microsoft Media Center Remote Code Execution Vulnerability (MS15-100)
Severity: Category II - VMSKEY: V0061373
2015-A-0212 Multiple Vulnerabilities in Microsoft Graphics Component (MS15-097)
Severity: Category II - VMSKEY: V0061385
2015-A-0215 Multiple Vulnerabilities in Microsoft Windows Task Management (MS15-102)
Severity: Category II - VMSKEY: V0061391
2015-A-0216 Multiple Vulnerabilities in Microsoft Windows Journal (MS15-098)
Severity: Category II - VMSKEY: V0061393
2015-B-0096 Microsoft WebDAV Information Disclosure Vulnerability (MS15-089)
Severity: Category II - VMSKEY: V0061285
2015-A-0188 Cumulative Security Update for Microsoft Internet Explorer (MS15-079)
Severity: Category I - VMSKEY: V0061297
2015-A-0190 Multiple Vulnerabilities in Microsoft Remote Desktop Protocol (RDP) (MS15-082)
Severity: Category II - VMSKEY: V0061299
2015-A-0192 Microsoft Windows Mount Manager Privilege Escalation Vulnerability (MS15-085)
Severity: Category I - VMSKEY: V0061303
2015-A-0193 Multiple Privilege Escalation Vulnerabilities in Microsoft Windows (MS15-090)
Severity: Category II - VMSKEY: V0061305
2015-A-0194 Multiple Vulnerabilities in Microsoft Office (MS15-081)
Severity: Category II - VMSKEY: V0061307
2015-A-0196 Multiple Vulnerabilities in Microsoft Graphics Component (MS15-080)
Severity: Category II - VMSKEY: V0061311
2015-A-0197 Microsoft Command Line Parameter Information Disclosure Vulnerability (MS15-088)
Severity: Category II - VMSKEY: V0061313
2015-A-0198 Microsoft Server Message Block (SMB) Remote Code Execution Vulnerability (MS1...
Severity: Category II - VMSKEY: V0061315
2015-A-0165 Microsoft Remote Procedure Call (RPC) Privilege Escalation Vulnerability (MS1...
Severity: Category II - VMSKEY: V0061093
2015-A-0164 Microsoft Windows Installer Privilege Escalation Vulnerability (MS15-074)
Severity: Category II - VMSKEY: V0061095
2015-A-0162 Multiple Vulnerabilities in Microsoft Windows Kernel-Mode Driver (MS15-073)
Severity: Category II - VMSKEY: V0061097
2015-A-0169 Multiple Vulnerabilities in Microsoft OLE (MS15-075)
Severity: Category II - VMSKEY: V0061103
2015-A-0168 Microsoft Graphics Component Privilege Escalation Vulnerability (MS15-072)
Severity: Category II - VMSKEY: V0061105
2015-A-0167 Multiple Vulnerabilities in Microsoft Windows (MS15-069)
Severity: Category II - VMSKEY: V0061129
2015-A-0125 Microsoft Common Controls Could Allow Remote Code Execution Vulnerability (MS...
Severity: Category II - VMSKEY: V0060943
2015-A-0122 Microsoft Windows Kernel Elevation of Privilege Vulnerability (MS15-063)
Severity: Category II - VMSKEY: V0060961
2015-A-0107 Microsoft Service Control Manager Privilege Escalation Vulnerability (MS15-050)
Severity: Category II - VMSKEY: V0060651
2015-A-0108 Multiple Vulnerabilities in Microsoft Windows Kernel-Mode Driver (MS15-051)
Severity: Category II - VMSKEY: V0060653
2015-A-0111 Microsoft SChannel Information Disclosure Vulnerability (MS15-055)
Severity: Category I - VMSKEY: V0060659
2015-A-0091 Multiple Vulnerabilities in Microsoft Windows (MS15-038)
Severity: Category II - VMSKEY: V0059897

Snort® IPS/IDS

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2014-01-10 Microsoft Multiple Products malformed PNG detected tEXt overflow attempt
RuleID : 6700 - Type : FILE-IMAGE - Revision : 20
2020-03-19 Microsoft Windows Data Analyzer 3.5 ActiveX clsid access
RuleID : 53118 - Type : BROWSER-PLUGINS - Revision : 1
2020-03-19 Microsoft Windows Data Analyzer 3.5 ActiveX use-after-free attempt
RuleID : 53117 - Type : BROWSER-PLUGINS - Revision : 1
2020-03-19 Microsoft Windows Data Analyzer 3.5 ActiveX use-after-free attempt
RuleID : 53116 - Type : BROWSER-PLUGINS - Revision : 1
2020-01-16 Microsoft Word internal OLE object update attempt
RuleID : 52482 - Type : INDICATOR-COMPROMISE - Revision : 1
2020-01-16 Microsoft Word internal OLE object update attempt
RuleID : 52481 - Type : INDICATOR-COMPROMISE - Revision : 1
2020-01-03 Microsoft Windows MHTML XSS attempt
RuleID : 52335 - Type : OS-WINDOWS - Revision : 1
2019-09-17 Microsoft Windows Object Packager ClickOnce object remote code execution attempt
RuleID : 51029 - Type : OS-WINDOWS - Revision : 1
2019-09-17 Microsoft Windows Object Packager ClickOnce object remote code execution attempt
RuleID : 51028 - Type : OS-WINDOWS - Revision : 1
2019-09-05 Microsoft Windows mp3 file malformed ID3 APIC header code execution attempt
RuleID : 50893 - Type : FILE-MULTIMEDIA - Revision : 1
2019-09-05 Microsoft Windows mp3 file malformed ID3 APIC header code execution attempt
RuleID : 50892 - Type : FILE-MULTIMEDIA - Revision : 1
2019-09-05 Microsoft OpenType font index remote code execution attempt
RuleID : 50889 - Type : FILE-OTHER - Revision : 1
2019-09-05 Microsoft OpenType font index remote code execution attempt
RuleID : 50888 - Type : FILE-OTHER - Revision : 1
2019-09-05 Microsoft Windows GDI EMF parsing arbitrary code execution attempt
RuleID : 50885 - Type : FILE-OTHER - Revision : 1
2019-09-05 Microsoft Windows GDI EMF parsing arbitrary code execution attempt
RuleID : 50884 - Type : FILE-OTHER - Revision : 1
2019-09-05 Microsoft Fax Cover Page Editor heap corruption attempt
RuleID : 50873 - Type : OS-WINDOWS - Revision : 1
2019-09-05 Microsoft Fax Cover Page Editor heap corruption attempt
RuleID : 50872 - Type : OS-WINDOWS - Revision : 1
2019-08-31 Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap obfuscated ...
RuleID : 50849 - Type : FILE-OTHER - Revision : 1
2019-08-31 Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap obfuscated ...
RuleID : 50848 - Type : FILE-OTHER - Revision : 1
2019-08-27 Microsoft Windows GDI+ interlaced PNG file parsing heap overflow attempt
RuleID : 50798 - Type : FILE-IMAGE - Revision : 1
2019-08-13 Microsoft Windows SChannel CertificateVerify buffer overflow attempt
RuleID : 50707 - Type : OS-WINDOWS - Revision : 1
2019-08-13 Microsoft Windows SChannel CertificateVerify buffer overflow attempt
RuleID : 50706 - Type : OS-WINDOWS - Revision : 1
2019-08-13 Microsoft Windows SChannel CertificateVerify buffer overflow attempt
RuleID : 50705 - Type : OS-WINDOWS - Revision : 1
2019-08-13 Microsoft Windows SChannel CertificateVerify buffer overflow attempt
RuleID : 50704 - Type : OS-WINDOWS - Revision : 1
2019-07-18 Directshow GIF logical height overflow attempt
RuleID : 50454 - Type : FILE-IMAGE - Revision : 1

Nessus® Vulnerability Scanner

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2017-10-20 Name: The remote Windows host is affected by an information disclosure vulnerability.
File: smb_nt_ms17_apr_4014793.nasl - Type: ACT_GATHER_INFO
2017-10-20 Name: The remote Windows host is affected by a remote code execution vulnerability.
File: smb_nt_ms17_may_4020535.nasl - Type: ACT_GATHER_INFO
2017-04-12 Name: The remote Windows host is affected by a remote code execution vulnerability.
File: smb_nt_ms17_apr_4015067.nasl - Type: ACT_GATHER_INFO
2017-04-12 Name: The remote Windows host is affected by an elevation of privilege vulnerability.
File: smb_nt_ms17_apr_4015068.nasl - Type: ACT_GATHER_INFO
2017-04-12 Name: The remote Windows host is affected by an information disclosure vulnerability.
File: smb_nt_ms17_apr_4015195.nasl - Type: ACT_GATHER_INFO
2017-04-12 Name: The remote Windows host is affected by an information disclosure vulnerability.
File: smb_nt_ms17_apr_4015380.nasl - Type: ACT_GATHER_INFO
2017-04-12 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_apr_4015549.nasl - Type: ACT_GATHER_INFO
2017-04-12 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_apr_4015550.nasl - Type: ACT_GATHER_INFO
2017-04-12 Name: An application installed on the remote Windows host is affected by multiple v...
File: smb_nt_ms17_apr_office.nasl - Type: ACT_GATHER_INFO
2017-04-11 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17-apr_4015551.nasl - Type: ACT_GATHER_INFO
2017-04-11 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_apr_4015217.nasl - Type: ACT_GATHER_INFO
2017-04-11 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_apr_4015219.nasl - Type: ACT_GATHER_INFO
2017-04-11 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_apr_4015221.nasl - Type: ACT_GATHER_INFO
2017-04-11 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_apr_4015583.nasl - Type: ACT_GATHER_INFO
2017-03-20 Name: The remote Windows host is affected by multiple vulnerabilities.
File: ms17-010.nasl - Type: ACT_GATHER_INFO
2017-03-17 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17-013.nasl - Type: ACT_GATHER_INFO
2017-03-15 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17-010.nasl - Type: ACT_GATHER_INFO
2017-03-15 Name: The remote Windows host is affected multiple elevation of privilege vulnerabi...
File: smb_nt_ms17-018.nasl - Type: ACT_GATHER_INFO
2017-03-15 Name: The remote Windows host is affected by an information disclosure vulnerability.
File: smb_nt_ms17-021.nasl - Type: ACT_GATHER_INFO
2017-03-15 Name: The remote Windows host is affected multiple vulnerabilities.
File: smb_nt_ms17-008.nasl - Type: ACT_GATHER_INFO
2017-03-15 Name: The remote Windows host is affected multiple vulnerabilities.
File: smb_nt_ms17-012.nasl - Type: ACT_GATHER_INFO
2017-03-15 Name: The remote Windows host is affected by a cross-site scripting vulnerability.
File: smb_nt_ms17-016.nasl - Type: ACT_GATHER_INFO
2017-03-15 Name: The remote host is affected by an information disclosure vulnerability.
File: smb_nt_ms17-022.nasl - Type: ACT_GATHER_INFO
2017-03-14 Name: The remote host is affected by multiple vulnerabilities.
File: smb_nt_ms17-011.nasl - Type: ACT_GATHER_INFO
2017-03-14 Name: The remote Windows host is affected multiple elevation of privilege vulnerabi...
File: smb_nt_ms17-017.nasl - Type: ACT_GATHER_INFO