
Summary

Detail
Vendor : Microsoft
Product : Windows Vista
Version : gold
Update : *
Edition : *
Language : *
Software Edition : *
Target Software : *
Target Hardware : *
Other : *
First view : 2008-09-16
Last view : 2010-02-04
Type : Os
 
CPE Product cpe:2.3:o:microsoft:windows_vista

Activity : Overall

Related : CVE

Score Date Alert Description
9.3 2010-02-04 CVE-2010-0555

Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and read arbitrary files via vectors involving the product's use of text/html as the default content type for files that are encountered after a redirection, aka the URLMON sniffing vulnerability, a variant of CVE-2009-1140 and related to CVE-2008-1448.

7.2 2009-06-10 CVE-2009-1124

The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate user-mode pointers in unspecified error conditions, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Pointer Validation Vulnerability."

4.9 2009-06-10 CVE-2009-0229

The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows local users to read arbitrary files via a crafted separator page, aka "Print Spooler Read File Vulnerability."

9.3 2009-04-15 CVE-2009-0550

Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008; allows remote web servers to capture and replay NTLM credentials, and execute arbitrary code, via vectors related to absence of a "credential-reflection protections" opt-in step, aka "Windows HTTP Services Credential Reflection Vulnerability" and "WinINet Credential Reflection Vulnerability."

10 2009-04-15 CVE-2009-0086

Integer underflow in Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote HTTP servers to execute arbitrary code via crafted parameter values in a response, related to error handling, aka "Windows HTTP Services Integer Underflow Vulnerability."

7.2 2009-04-15 CVE-2009-0078

The Windows Management Instrumentation (WMI) provider in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows WMI Service Isolation Vulnerability."

7.1 2009-03-10 CVE-2009-0085

The Secure Channel (aka SChannel) authentication component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, when certificate authentication is used, does not properly validate the client's key exchange data in Transport Layer Security (TLS) handshake messages, which allows remote attackers to spoof authentication by crafting a TLS packet based on knowledge of the certificate but not the private key, aka "SChannel Spoofing Vulnerability."

7.2 2009-03-10 CVE-2009-0083

The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 does not properly handle invalid pointers, which allows local users to gain privileges via an application that triggers use of a crafted pointer, aka "Windows Kernel Invalid Pointer Vulnerability."

7.2 2009-03-10 CVE-2009-0082

The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate handles, which allows local users to gain privileges via a crafted application that triggers unspecified "actions," aka "Windows Kernel Handle Validation Vulnerability."

9.3 2009-03-10 CVE-2009-0081

The graphics device interface (GDI) implementation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate input received from user mode, which allows remote attackers to execute arbitrary code via a crafted (1) Windows Metafile (aka WMF) or (2) Enhanced Metafile (aka EMF) image file, aka "Windows Kernel Input Validation Vulnerability."

9.3 2008-12-10 CVE-2008-3465

Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows context-dependent attackers to cause a denial of service or execute arbitrary code via a WMF file with a malformed file-size parameter, which would not be properly handled by a third-party application that uses this API for a copy operation, aka "GDI Heap Overflow Vulnerability."

9.3 2008-12-10 CVE-2008-2249

Integer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a malformed header in a crafted WMF file, which triggers a buffer overflow, aka "GDI Integer Overflow Vulnerability."

6.9 2008-11-25 CVE-2008-5229

Stack-based buffer overflow in Microsoft Device IO Control in iphlpapi.dll in Microsoft Windows Vista Gold and SP1 allows local users in the Network Configuration Operator group to gain privileges or cause a denial of service (system crash) via a large invalid PrefixLength to the CreateIpForwardEntry2 method, as demonstrated by a "route add" command. NOTE: this issue might not cross privilege boundaries.

7.1 2008-09-16 CVE-2008-4114

srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via an SMB WRITE_ANDX packet with an offset that is inconsistent with the packet size, related to "insufficiently validating the buffer size," as demonstrated by a request to the \PIPE\lsarpc named pipe, aka "SMB Validation Denial of Service Vulnerability."

CWE : Common Weakness Enumeration

% (count) id Name
33% (4) CWE-20 Improper Input Validation
16% (2) CWE-189 Numeric Errors
16% (2) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
8% (1) CWE-399 Resource Management Errors
8% (1) CWE-287 Improper Authentication
8% (1) CWE-264 Permissions, Privileges, and Access Controls
8% (1) CWE-200 Information Exposure

CAPEC : Common Attack Pattern Enumeration & Classification

This CPE has more than 25 relations; only the first 25 are listed here. If you want to see a complete summary for this CPE, please contact us.
id Name
CAPEC-3 Using Leading 'Ghost' Character Sequences to Bypass Input Filters
CAPEC-7 Blind SQL Injection
CAPEC-8 Buffer Overflow in an API Call
CAPEC-9 Buffer Overflow in Local Command-Line Utilities
CAPEC-10 Buffer Overflow via Environment Variables
CAPEC-13 Subverting Environment Variable Values
CAPEC-14 Client-side Injection-induced Buffer Overflow
CAPEC-18 Embedding Scripts in Nonscript Elements
CAPEC-22 Exploiting Trust in Client (aka Make the Client Invisible)
CAPEC-24 Filter Failure through Buffer Overflow
CAPEC-28 Fuzzing
CAPEC-31 Accessing/Intercepting/Modifying HTTP Cookies
CAPEC-32 Embedding Scripts in HTTP Query Strings
CAPEC-42 MIME Conversion
CAPEC-43 Exploiting Multiple Input Interpretation Layers
CAPEC-45 Buffer Overflow via Symbolic Links
CAPEC-46 Overflow Variables and Tags
CAPEC-47 Buffer Overflow via Parameter Expansion
CAPEC-52 Embedding NULL Bytes
CAPEC-53 Postfix, Null Terminate, and Backslash
CAPEC-63 Simple Script Injection
CAPEC-64 Using Slashes and URL Encoding Combined to Bypass Validation Logic
CAPEC-66 SQL Injection
CAPEC-67 String Format Overflow in syslog()
CAPEC-71 Using Unicode Encoding to Bypass Validation Logic

SAINT Exploits

Description
Internet Explorer WinINet credential reflection vulnerability

Open Source Vulnerability Database (OSVDB)

id Description
62157 Microsoft IE text/html Content Type URLMON Sniffing Arbitrary File Access
54941 Microsoft Windows Kernel User Mode Pointer Passing Local Privilege Escalation
54933 Microsoft Windows Print Spooler Crafted Separator Page Arbitrary Local File D...
53666 Microsoft Windows Management Instrumentation (WMI) Service Isolation Local Pr...
53620 Microsoft Windows HTTP Services Web Server Response Unspecified Integer Under...
53619 Microsoft Windows HTTP Services NTLM Credential Replay Privileged Code Execution
52524 Microsoft Windows Invalid Pointer Local Privilege Escalation
52523 Microsoft Windows Handle Validation Local Privilege Escalation
52522 Microsoft Windows GDI Kernel Component Unspecified Remote Code Execution
52521 Microsoft Windows SChannel Certificate Based Authentication Spoofing Bypass
50562 Microsoft Windows GDI WMF Image Size Parameter Parsing Overflow
50561 Microsoft Windows GDI WMF Image Parsing Integer Math Overflow
50287 Microsoft Windows Vista iphlpapi.dll CreateIpForwardEntry2() Function Memory ...
48153 Microsoft Windows srv.sys WRITE_ANDX SMB Packet Handling Remote DoS

OpenVAS Exploits

Date Description
2010-03-18 Name : Vulnerabilities in SMB Could Allow Remote Code Execution (958687) - Remote
File : nvt/secpod_ms09-001_remote.nasl
2009-06-10 Name : Vulnerabilities in Print Spooler Could Allow Remote Code Execution (961501)
File : nvt/secpod_ms09-022.nasl
2009-06-10 Name : Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (968537)
File : nvt/secpod_ms09-025.nasl
2009-04-15 Name : Vulnerabilities in Windows Could Allow Elevation of Privilege (959454)
File : nvt/secpod_ms09-012.nasl
2009-04-15 Name : Windows HTTP Services Could Allow Remote Code Execution Vulnerabilities (960803)
File : nvt/secpod_ms09-013.nasl
2009-04-15 Name : Microsoft Internet Explorer Remote Code Execution Vulnerability (963027)
File : nvt/secpod_ms09-014.nasl
2009-03-11 Name : Vulnerabilities in Windows Kernel Could Allow Remote Code Execution (958690)
File : nvt/secpod_ms09-006.nasl
2009-03-11 Name : Vulnerability in SChannel Could Allow Spoofing (960225)
File : nvt/secpod_ms09-007.nasl
2009-01-14 Name : Vulnerabilities in SMB Could Allow Remote Code Execution (958687)
File : nvt/secpod_ms09-001.nasl
2008-12-10 Name : Vulnerabilities in GDI Could Allow Remote Code Execution (956802)
File : nvt/secpod_ms08-071.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2009-A-0034 Microsoft Windows HTTP Services Remote Code Execution Vulnerability
Severity: Category I - VMSKEY: V0018756
2009-A-0019 Microsoft Windows Secure Channel Vulnerability
Severity: Category II - VMSKEY: V0018549
2008-A-0086 Microsoft GDI Remote Code Execution Vulnerabilities
Severity: Category II - VMSKEY: V0017910

Snort® IPS/IDS

Date Description
2019-09-05 Microsoft Windows GDI EMF parsing arbitrary code execution attempt
RuleID : 50885 - Type : FILE-OTHER - Revision : 1
2019-09-05 Microsoft Windows GDI EMF parsing arbitrary code execution attempt
RuleID : 50884 - Type : FILE-OTHER - Revision : 1
2017-08-01 Microsoft GDI WMF file parsing integer overflow attempt
RuleID : 43362 - Type : FILE-IMAGE - Revision : 2
2017-08-01 Microsoft GDI WMF file parsing integer overflow attempt
RuleID : 43361 - Type : FILE-IMAGE - Revision : 2
2017-08-01 Microsoft GDI WMF file parsing integer overflow attempt
RuleID : 43360 - Type : FILE-IMAGE - Revision : 2
2017-08-01 Microsoft GDI WMF file parsing integer overflow attempt
RuleID : 43359 - Type : FILE-IMAGE - Revision : 2
2014-01-10 possible SMB replay attempt - overlapping encryption keys detected
RuleID : 17723 - Type : OS-WINDOWS - Revision : 12
2014-01-10 Microsoft Windows IIS SChannel improper certificate verification
RuleID : 17431 - Type : SERVER-IIS - Revision : 12
2014-01-10 Microsoft Internet Explorer 7/8 execute local file in Internet zone redirect ...
RuleID : 16423 - Type : BROWSER-IE - Revision : 14
2014-01-10 Telnet-based NTLM replay attack attempt
RuleID : 15847 - Type : OS-WINDOWS - Revision : 14
2014-01-10 IIS ASP/ASP.NET potentially malicious file upload attempt
RuleID : 15470 - Type : FILE-EXECUTABLE - Revision : 8
2014-01-10 Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt
RuleID : 15462 - Type : BROWSER-OTHER - Revision : 20
2014-01-10 SMB replay attempt via NTLMSSP - overlapping encryption keys detected
RuleID : 15453 - Type : OS-WINDOWS - Revision : 16
2014-01-10 Microsoft Internet Explorer EMF polyline overflow attempt
RuleID : 15300 - Type : BROWSER-IE - Revision : 9
2014-01-10 Web-based NTLM replay attack attempt
RuleID : 15124 - Type : OS-WINDOWS - Revision : 17
2014-01-10 Microsoft GDI WMF file parsing integer overflow attempt
RuleID : 15105 - Type : FILE-IMAGE - Revision : 19
2014-01-10 possible SMB replay attempt - overlapping encryption keys detected
RuleID : 15009 - Type : OS-WINDOWS - Revision : 22
2014-01-10 SMB write_andx overflow attempt
RuleID : 10161 - Type : NETBIOS - Revision : 9

Nessus® Vulnerability Scanner

Date Description
2009-06-10 Name: Arbitrary code can be executed on the remote host due to a flaw in the Spoole...
File: smb_nt_ms09-022.nasl - Type: ACT_GATHER_INFO
2009-06-10 Name: The remote Windows kernel is affected by local privilege escalation vulnerabi...
File: smb_nt_ms09-025.nasl - Type: ACT_GATHER_INFO
2009-04-15 Name: A local user can elevate his privileges on the remote host.
File: smb_nt_ms09-012.nasl - Type: ACT_GATHER_INFO
2009-04-15 Name: The remote host contains an API that is affected by multiple vulnerabilities.
File: smb_nt_ms09-013.nasl - Type: ACT_GATHER_INFO
2009-04-15 Name: Arbitrary code can be executed on the remote host through a web browser.
File: smb_nt_ms09-014.nasl - Type: ACT_GATHER_INFO
2009-03-11 Name: It is possible to execute arbitrary code on the remote host.
File: smb_nt_ms09-006.nasl - Type: ACT_GATHER_INFO
2009-03-11 Name: It may be possible to spoof user identities.
File: smb_nt_ms09-007.nasl - Type: ACT_GATHER_INFO
2009-01-13 Name: It may be possible to execute arbitrary code on the remote host due to a flaw...
File: smb_nt_ms09-001.nasl - Type: ACT_GATHER_INFO
2008-12-10 Name: Arbitrary code can be executed on the remote host through the Microsoft GDI r...
File: smb_nt_ms08-071.nasl - Type: ACT_GATHER_INFO