This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Microsoft First view 2012-09-26
Product Windows 8 Last view 2014-02-11
Version - Type Os
Update *  
Edition *  
Language *  
Sofware Edition pro_n  
Target Software *  
Target Hardware x86  
Other *  
 
CPE Product cpe:2.3:o:microsoft:windows_8

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
7.8 2014-02-11 CVE-2014-0254

The IPv6 implementation in Microsoft Windows 8, Windows Server 2012, and Windows RT does not properly validate packets, which allows remote attackers to cause a denial of service (system hang) via crafted ICMPv6 Router Advertisement packets, aka "TCP/IP Version 6 (IPv6) Denial of Service Vulnerability."

7.2 2013-12-10 CVE-2013-3907

portcls.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application, aka "Port-Class Driver Double Fetch Vulnerability."

4.7 2013-12-10 CVE-2013-3903

Array index error in win32k.sys in the kernel-mode drivers in Microsoft Windows 8, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to cause a denial of service (reboot) via a crafted TrueType font (TTF) file, aka "TrueType Font Parsing Vulnerability."

9.3 2013-10-09 CVE-2013-3894

The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a crafted CMAP table in a TrueType font (TTF) file, aka "TrueType Font CMAP Table Vulnerability."

3.5 2013-10-09 CVE-2013-3880

The App Container feature in the kernel-mode drivers in Microsoft Windows 8, Windows Server 2012, and Windows RT allows remote attackers to bypass intended access restrictions and obtain sensitive information from a different container via a Trojan horse application, aka "App Container Elevation of Privilege Vulnerability."

7.2 2013-10-09 CVE-2013-3879

Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."

7.2 2013-10-09 CVE-2013-3200

The USB drivers in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allow physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability."

10 2013-10-09 CVE-2013-3195

The DSA_InsertItem function in Comctl32.dll in the Windows common control library in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted value in an argument to an ASP.NET web application, aka "Comctl32 Integer Overflow Vulnerability."

5 2013-09-11 CVE-2013-3868

Microsoft Active Directory Lightweight Directory Service (AD LDS) on Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows 8 and Active Directory Services on Windows Server 2008 SP2 and R2 SP1 and Server 2012 allow remote attackers to cause a denial of service (LDAP directory-service outage) via a crafted LDAP query, aka "Remote Anonymous DoS Vulnerability."

7.2 2013-09-11 CVE-2013-3866

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."

7.2 2013-09-11 CVE-2013-3865

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application, aka "Win32k Multiple Fetch Vulnerability," a different vulnerability than CVE-2013-1342, CVE-2013-1343, CVE-2013-1344, and CVE-2013-3864.

7.2 2013-09-11 CVE-2013-3864

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application, aka "Win32k Multiple Fetch Vulnerability," a different vulnerability than CVE-2013-1342, CVE-2013-1343, CVE-2013-1344, and CVE-2013-3865.

7.2 2013-09-11 CVE-2013-1344

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application, aka "Win32k Multiple Fetch Vulnerability," a different vulnerability than CVE-2013-1342, CVE-2013-1343, CVE-2013-3864, and CVE-2013-3865.

7.2 2013-09-11 CVE-2013-1343

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application, aka "Win32k Multiple Fetch Vulnerability," a different vulnerability than CVE-2013-1342, CVE-2013-1344, CVE-2013-3864, and CVE-2013-3865.

7.2 2013-09-11 CVE-2013-1342

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application, aka "Win32k Multiple Fetch Vulnerability," a different vulnerability than CVE-2013-1343, CVE-2013-1344, CVE-2013-3864, and CVE-2013-3865.

7.2 2013-09-11 CVE-2013-1341

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows 8 allows local users to gain privileges via a crafted application, aka "Win32k Multiple Fetch Vulnerability."

7.2 2013-08-14 CVE-2013-3198

The NT Virtual DOS Machine (NTVDM) subsystem in the kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly validate kernel-memory addresses, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka "Windows Kernel Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3196 and CVE-2013-3197.

7.2 2013-08-14 CVE-2013-3197

The NT Virtual DOS Machine (NTVDM) subsystem in the kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly validate kernel-memory addresses, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka "Windows Kernel Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3196 and CVE-2013-3198.

7.2 2013-08-14 CVE-2013-3196

The NT Virtual DOS Machine (NTVDM) subsystem in the kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly validate kernel-memory addresses, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka "Windows Kernel Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3197 and CVE-2013-3198.

7.8 2013-08-14 CVE-2013-3183

The TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly perform memory allocation for inbound ICMPv6 packets, which allows remote attackers to cause a denial of service (system hang) via crafted packets, aka "ICMPv6 Vulnerability."

10 2013-08-14 CVE-2013-3175

Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a malformed asynchronous RPC request, aka "Remote Procedure Call Vulnerability."

7.2 2013-07-31 CVE-2013-3697

Integer overflow in the NWFS.SYS kernel driver 4.91.5.8 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003 and the NCPL.SYS kernel driver in Novell Client 2 SP2 on Windows Vista and Windows Server 2008 and Novell Client 2 SP3 on Windows Server 2008 R2, Windows 7, Windows 8, and Windows Server 2012 might allow local users to gain privileges via a crafted 0x1439EB IOCTL call.

9.3 2013-07-09 CVE-2013-3174

DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted GIF file, aka "DirectShow Arbitrary Memory Overwrite Vulnerability."

7.2 2013-07-09 CVE-2013-3173

Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Buffer Overwrite Vulnerability."

9.3 2013-07-09 CVE-2013-3129

Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5; Silverlight 5 before 5.1.20513.0; win32k.sys in the kernel-mode drivers, and GDI+, DirectWrite, and Journal, in Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT; GDI+ in Office 2003 SP3, 2007 SP3, and 2010 SP1; GDI+ in Visual Studio .NET 2003 SP1; and GDI+ in Lync 2010, 2010 Attendee, 2013, and Basic 2013 allow remote attackers to execute arbitrary code via a crafted TrueType Font (TTF) file, aka "TrueType Font Parsing Vulnerability."

CWE : Common Weakness Enumeration

%idName
34% (17) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
20% (10) CWE-264 Permissions, Privileges, and Access Controls
10% (5) CWE-399 Resource Management Errors
10% (5) CWE-94 Failure to Control Generation of Code ('Code Injection')
8% (4) CWE-362 Race Condition
8% (4) CWE-189 Numeric Errors
8% (4) CWE-20 Improper Input Validation
2% (1) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...

ExploitDB Exploits

id Description
33213 Windows NTUserMessageCall Win32k Kernel Pool Overflow (Schlamperei)
27050 DirectShow Arbitrary Memory Overwrite Vulnerability (MS13-056)
26554 Windows EPATHOBJ::pprFlattenRec Local Privilege Escalation
24485 MS13-005 HWND_BROADCAST PoC

OpenVAS Exploits

id Description
2012-12-12 Name : Microsoft Windows Kernel-Mode Drivers Remote Code Execution Vulnerabilities (...
File : nvt/secpod_ms12-078.nasl
2012-11-14 Name : Microsoft Windows Shell Remote Code Execution Vulnerabilities (2727528)
File : nvt/secpod_ms12-072.nasl
2012-11-14 Name : Microsoft Windows Kernel-Mode Drivers Remote Code Execution Vulnerabilities (...
File : nvt/secpod_ms12-075.nasl
2012-09-28 Name : Google Chrome Windows Kernel Memory Corruption Vulnerability
File : nvt/gb_google_chrome_mem_crptn_vuln_win.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2014-A-0027 Microsoft IPv6 Denial of Service Vulnerability
Severity: Category I - VMSKEY: V0044039
2013-A-0232 Multiple Vulnerabilities in Microsoft Windows Kernel-Mode Drivers
Severity: Category I - VMSKEY: V0042582
2013-A-0190 Multiple Vulnerabilities in Microsoft Windows Kernel-Mode Drivers
Severity: Category I - VMSKEY: V0040763
2013-A-0189 Microsoft Windows Common Control Library Remote Code Execution Vulnerability
Severity: Category II - VMSKEY: V0040760
2013-B-0100 Microsoft Active Directory Denial of Service Vulnerability
Severity: Category I - VMSKEY: V0040303
2013-B-0088 Multiple Privilege Escalation Vulnerabilities in Microsoft Windows Kernel
Severity: Category I - VMSKEY: V0040045
2013-A-0161 Microsoft ICMPv6 Denial of Service Vulnerability
Severity: Category I - VMSKEY: V0040035
2013-A-0163 Microsoft Windows Remote Procedure Call (RPC) Elevation of Privilege Vulnerab...
Severity: Category I - VMSKEY: V0040034
2013-B-0071 Multiple Vulnerabilities in Microsoft .NET Framework and Silverlight
Severity: Category II - VMSKEY: V0039211
2013-A-0134 Microsoft DirectShow Remote Code Execution Vulnerability
Severity: Category II - VMSKEY: V0039200
2013-A-0135 Microsoft GDI+ Remote Code Execution Vulnerability
Severity: Category II - VMSKEY: V0039199
2013-A-0120 Microsoft Windows Print Spooler Privilege Escalation Vulnerability
Severity: Category I - VMSKEY: V0039072
2013-B-0053 Microsoft Windows HTTP.sys Denial of Service Vulnerability
Severity: Category I - VMSKEY: V0037939
2013-A-0080 Microsoft Windows Kernel Privilege Escalation Vulnerability
Severity: Category II - VMSKEY: V0037609
2013-A-0063 Microsoft Windows Kernel-Mode Drivers Privilege Escalation Vulnerability
Severity: Category II - VMSKEY: V0037404
2013-B-0003 Microsoft Windows Security Bypass Vulnerability
Severity: Category I - VMSKEY: V0036450
2012-A-0185 Multiple Vulnerabilities in Microsoft Windows Shell
Severity: Category I - VMSKEY: V0034956

Snort® IPS/IDS

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2019-07-18 Directshow GIF logical height overflow attempt
RuleID : 50454 - Type : FILE-IMAGE - Revision : 1
2019-07-18 Directshow GIF logical width overflow attempt
RuleID : 50453 - Type : FILE-IMAGE - Revision : 1
2019-04-18 Microsoft Windows TTF parsing counter overflow attempt
RuleID : 49483 - Type : FILE-OTHER - Revision : 1
2019-04-18 Microsoft Windows TTF parsing counter overflow attempt
RuleID : 49482 - Type : FILE-OTHER - Revision : 1
2017-03-01 Microsoft Windows Win32 Divide Error Exception Denial of Service attempt
RuleID : 41465 - Type : FILE-EXECUTABLE - Revision : 2
2017-03-01 Microsoft Windows Win32 Divide Error Exception Denial of Service attempt
RuleID : 41464 - Type : FILE-EXECUTABLE - Revision : 2
2017-03-01 Microsoft Windows Win32 Divide Error Exception Denial of Service attempt
RuleID : 41463 - Type : FILE-EXECUTABLE - Revision : 2
2017-03-01 Microsoft Windows Win32 Divide Error Exception Denial of Service attempt
RuleID : 41462 - Type : FILE-EXECUTABLE - Revision : 2
2016-03-14 Microsoft Windows FlattenPath paged memory consumption privilege escalation a...
RuleID : 36384 - Type : OS-WINDOWS - Revision : 3
2016-03-14 Microsoft Windows FlattenPath paged memory consumption privilege escalation a...
RuleID : 36383 - Type : OS-WINDOWS - Revision : 3
2014-12-02 Microsoft Windows Briefcase integer overflow
RuleID : 32361 - Type : FILE-OTHER - Revision : 2
2014-06-07 Microsoft Windows NtUserMessageCall implementation exploitation attempt
RuleID : 30940 - Type : FILE-EXECUTABLE - Revision : 5
2014-06-07 Microsoft Windows NtUserMessageCall implementation exploitation attempt
RuleID : 30939 - Type : FILE-EXECUTABLE - Revision : 5
2014-06-05 Microsoft Windows Briefcase integer underflow
RuleID : 30898 - Type : FILE-OTHER - Revision : 3
2014-01-10 Microsoft Windows Active Directory LDAP denial of service attempt
RuleID : 27860 - Type : OS-WINDOWS - Revision : 3
2014-01-10 Microsoft ICMPv6 mismatched prefix length and length field denial of service ...
RuleID : 27624 - Type : OS-WINDOWS - Revision : 3
2014-01-10 Directshow GIF logical height overflow attempt
RuleID : 27530 - Type : FILE-IMAGE - Revision : 8
2014-01-10 Directshow GIF logical height overflow attempt
RuleID : 27529 - Type : FILE-IMAGE - Revision : 9
2014-01-10 Directshow GIF logical width overflow attempt
RuleID : 27528 - Type : FILE-IMAGE - Revision : 9
2014-01-10 Directshow GIF logical height overflow attempt
RuleID : 27527 - Type : FILE-IMAGE - Revision : 9
2014-01-10 Directshow GIF logical height overflow attempt
RuleID : 27526 - Type : FILE-IMAGE - Revision : 10
2014-01-10 Directshow GIF logical width overflow attempt
RuleID : 27525 - Type : FILE-IMAGE - Revision : 11
2014-01-10 Microsoft Windows FlattenPath paged memory consumption privilege escalation a...
RuleID : 27231 - Type : OS-WINDOWS - Revision : 4
2014-01-10 Microsoft Windows FlattenPath paged memory consumption privilege escalation a...
RuleID : 26922 - Type : OS-WINDOWS - Revision : 6
2014-01-10 Microsoft Windows TCPRecomputeMss denial of service attempt
RuleID : 26877 - Type : OS-WINDOWS - Revision : 5

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2014-02-12 Name: The remote Windows host is affected by a denial of service vulnerability.
File: smb_nt_ms14-006.nasl - Type: ACT_GATHER_INFO
2013-12-11 Name: The Windows kernel drivers on the remote host are affected by multiple vulner...
File: smb_nt_ms13-101.nasl - Type: ACT_GATHER_INFO
2013-10-09 Name: A library on the remote Windows host has an integer overflow vulnerability.
File: smb_nt_ms13-083.nasl - Type: ACT_GATHER_INFO
2013-10-09 Name: The Windows kernel drivers on the remote host are affected by multiple vulner...
File: smb_nt_ms13-081.nasl - Type: ACT_GATHER_INFO
2013-09-11 Name: The remote host is affected by an Active Directory denial of service vulnerab...
File: smb_nt_ms13-079.nasl - Type: ACT_GATHER_INFO
2013-09-11 Name: The Windows kernel on the remote host is affected by multiple vulnerabilities.
File: smb_nt_ms13-076.nasl - Type: ACT_GATHER_INFO
2013-09-03 Name: The remote host has a client application installed that is affected by multip...
File: novell_client_priv_escalation2.nasl - Type: ACT_GATHER_INFO
2013-08-14 Name: The remote Windows host is affected by a denial of service vulnerability.
File: smb_nt_ms13-065.nasl - Type: ACT_GATHER_INFO
2013-08-14 Name: The Windows install on the remote host is affected by a privilege escalation ...
File: smb_nt_ms13-062.nasl - Type: ACT_GATHER_INFO
2013-08-14 Name: The Windows kernel on the remote host is affected by multiple vulnerabilities.
File: smb_nt_ms13-063.nasl - Type: ACT_GATHER_INFO
2013-07-10 Name: The .NET Framework install on the remote Windows host could allow arbitrary c...
File: smb_nt_ms13-052.nasl - Type: ACT_GATHER_INFO
2013-07-10 Name: The Windows kernel on the remote host is affected by multiple vulnerabilities.
File: smb_nt_ms13-053.nasl - Type: ACT_GATHER_INFO
2013-07-10 Name: The remote Windows host has a remote code execution vulnerability.
File: smb_nt_ms13-054.nasl - Type: ACT_GATHER_INFO
2013-07-10 Name: The remote Windows host is potentially affected by a remote code execution vu...
File: smb_nt_ms13-056.nasl - Type: ACT_GATHER_INFO
2013-06-11 Name: The Windows kernel on the remote host is affected by an information disclosur...
File: smb_nt_ms13-048.nasl - Type: ACT_GATHER_INFO
2013-06-11 Name: The remote Windows host is affected by a denial of service vulnerability.
File: smb_nt_ms13-049.nasl - Type: ACT_GATHER_INFO
2013-06-11 Name: The remote Windows host is potentially affected by a privilege escalation vul...
File: smb_nt_ms13-050.nasl - Type: ACT_GATHER_INFO
2013-05-15 Name: The remote Windows host is potentially affected by a vulnerability that could...
File: smb_nt_ms13-039.nasl - Type: ACT_GATHER_INFO
2013-05-15 Name: The Windows kernel on the remote host is affected by multiple vulnerabilities.
File: smb_nt_ms13-046.nasl - Type: ACT_GATHER_INFO
2013-04-10 Name: The Windows kernel on the remote host is affected by multiple vulnerabilities.
File: smb_nt_ms13-031.nasl - Type: ACT_GATHER_INFO
2013-04-10 Name: The Windows kernel on the remote host is affected by multiple vulnerabilities.
File: smb_nt_ms13-036.nasl - Type: ACT_GATHER_INFO
2013-03-12 Name: The Windows kernel on the remote host is affected by a privilege escalation v...
File: smb_nt_ms13-027.nasl - Type: ACT_GATHER_INFO
2013-02-12 Name: The remote Windows host is affected by a denial of service vulnerability.
File: smb_nt_ms13-018.nasl - Type: ACT_GATHER_INFO
2013-01-09 Name: The remote Windows host is affected by a security feature bypass vulnerability.
File: smb_nt_ms13-006.nasl - Type: ACT_GATHER_INFO
2013-01-09 Name: The Windows kernel on the remote host is affected by a privilege escalation v...
File: smb_nt_ms13-005.nasl - Type: ACT_GATHER_INFO