Summary
| Detail | |||
|---|---|---|---|
| Vendor | Microsoft | First view | 2008-09-16 |
| Product | Windows Xp | Last view | 2010-02-04 |
| Version | * | Type | Os |
| Update | * | ||
| Edition | pro_x64 | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:o:microsoft:windows_xp | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 9.3 | 2010-02-04 | CVE-2010-0555 | Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and read arbitrary files via vectors involving the product's use of text/html as the default content type for files that are encountered after a redirection, aka the URLMON sniffing vulnerability, a variant of CVE-2009-1140 and related to CVE-2008-1448. |
| 9.3 | 2009-04-15 | CVE-2009-0550 | Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008; allows remote web servers to capture and replay NTLM credentials, and execute arbitrary code, via vectors related to absence of a "credential-reflection protections" opt-in step, aka "Windows HTTP Services Credential Reflection Vulnerability" and "WinINet Credential Reflection Vulnerability." |
| 5.8 | 2009-04-15 | CVE-2009-0089 | Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Vista Gold allows remote web servers to impersonate arbitrary https web sites by using DNS spoofing to "forward a connection" to a different https web site that has a valid certificate matching its own domain name, but not a certificate matching the domain name of the host requested by the user, aka "Windows HTTP Services Certificate Name Mismatch Vulnerability." |
| 9.3 | 2009-04-15 | CVE-2009-0088 | The WordPerfect 6.x Converter (WPFT632.CNV, 1998.1.27.0) in Microsoft Office Word 2000 SP3 and Microsoft Office Converter Pack does not properly validate the length of an unspecified string, which allows remote attackers to execute arbitrary code via a crafted WordPerfect 6.x file, related to an unspecified counter and control structures on the stack, aka "Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability." |
| 6.9 | 2009-04-15 | CVE-2009-0079 | The RPCSS service in Microsoft Windows XP SP2 and SP3 and Server 2003 SP1 and SP2 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows RPCSS Service Isolation Vulnerability." |
| 7.2 | 2009-04-15 | CVE-2009-0078 | The Windows Management Instrumentation (WMI) provider in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows WMI Service Isolation Vulnerability." |
| 10 | 2009-01-14 | CVE-2008-4835 | SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans2 request, related to "insufficiently validating the buffer size," aka "SMB Validation Remote Code Execution Vulnerability." |
| 9.3 | 2008-12-10 | CVE-2008-3465 | Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows context-dependent attackers to cause a denial of service or execute arbitrary code via a WMF file with a malformed file-size parameter, which would not be properly handled by a third-party application that uses this API for a copy operation, aka "GDI Heap Overflow Vulnerability." |
| 9.3 | 2008-12-10 | CVE-2008-2249 | Integer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a malformed header in a crafted WMF file, which triggers a buffer overflow, aka "GDI Integer Overflow Vulnerability." |
| 7.1 | 2008-09-16 | CVE-2008-4114 | srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via an SMB WRITE_ANDX packet with an offset that is inconsistent with the packet size, related to "insufficiently validating the buffer size," as demonstrated by a request to the \PIPE\lsarpc named pipe, aka "SMB Validation Denial of Service Vulnerability." |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 25% (2) | CWE-264 | Permissions, Privileges, and Access Controls |
| 25% (2) | CWE-20 | Improper Input Validation |
| 12% (1) | CWE-399 | Resource Management Errors |
| 12% (1) | CWE-189 | Numeric Errors |
| 12% (1) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 12% (1) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
CAPEC : Common Attack Pattern Enumeration & Classification
| id | Name |
|---|---|
| CAPEC-3 | Using Leading 'Ghost' Character Sequences to Bypass Input Filters |
| CAPEC-7 | Blind SQL Injection |
| CAPEC-8 | Buffer Overflow in an API Call |
| CAPEC-9 | Buffer Overflow in Local Command-Line Utilities |
| CAPEC-10 | Buffer Overflow via Environment Variables |
| CAPEC-13 | Subverting Environment Variable Values |
| CAPEC-14 | Client-side Injection-induced Buffer Overflow |
| CAPEC-18 | Embedding Scripts in Nonscript Elements |
| CAPEC-22 | Exploiting Trust in Client (aka Make the Client Invisible) |
| CAPEC-24 | Filter Failure through Buffer Overflow |
| CAPEC-28 | Fuzzing |
| CAPEC-31 | Accessing/Intercepting/Modifying HTTP Cookies |
| CAPEC-32 | Embedding Scripts in HTTP Query Strings |
| CAPEC-42 | MIME Conversion |
| CAPEC-43 | Exploiting Multiple Input Interpretation Layers |
| CAPEC-45 | Buffer Overflow via Symbolic Links |
| CAPEC-46 | Overflow Variables and Tags |
| CAPEC-47 | Buffer Overflow via Parameter Expansion |
| CAPEC-52 | Embedding NULL Bytes |
| CAPEC-53 | Postfix, Null Terminate, and Backslash |
| CAPEC-63 | Simple Script Injection |
| CAPEC-64 | Using Slashes and URL Encoding Combined to Bypass Validation Logic |
| CAPEC-66 | SQL Injection |
| CAPEC-67 | String Format Overflow in syslog() |
| CAPEC-71 | Using Unicode Encoding to Bypass Validation Logic |
SAINT Exploits
| Description | Link |
|---|---|
| Internet Explorer WinINet credential reflection vulnerability | More info here |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 62157 | Microsoft IE text/html Content Type URLMON Sniffing Arbitrary File Access |
| 53667 | Microsoft Windows RPCSS Service Isolation Local Privilege Escalation |
| 53666 | Microsoft Windows Management Instrumentation (WMI) Service Isolation Local Pr... |
| 53663 | Microsoft Office Word 2000 WordPerfect 6.x Converter Document Handling Stack ... |
| 53621 | Microsoft Windows HTTP Services Digital Certificate Distinguished Name Mismat... |
| 53619 | Microsoft Windows HTTP Services NTLM Credential Replay Privileged Code Execution |
| 52692 | Microsoft SMB NT Trans2 Request Parsing Unspecified Remote Code Execution |
| 50562 | Microsoft Windows GDI WMF Image Size Parameter Parsing Overflow |
| 50561 | Microsoft Windows GDI WMF Image Parsing Integer Math Overflow |
| 48153 | Microsoft Windows srv.sys WRITE_ANDX SMB Packet Handling Remote DoS |
OpenVAS Exploits
| id | Description |
|---|---|
| 2010-03-18 | Name : Vulnerabilities in SMB Could Allow Remote Code Execution (958687) - Remote File : nvt/secpod_ms09-001_remote.nasl |
| 2009-04-15 | Name : Vulnerabilities in Windows Could Allow Elevation of Privilege (959454) File : nvt/secpod_ms09-012.nasl |
| 2009-04-15 | Name : Windows HTTP Services Could Allow Remote Code Execution Vulnerabilities (960803) File : nvt/secpod_ms09-013.nasl |
| 2009-04-15 | Name : Microsoft Internet Explorer Remote Code Execution Vulnerability (963027) File : nvt/secpod_ms09-014.nasl |
| 2009-01-14 | Name : Vulnerabilities in SMB Could Allow Remote Code Execution (958687) File : nvt/secpod_ms09-001.nasl |
| 2008-12-12 | Name : WordPad and Office Text Converter Memory Corruption Vulnerability (960477) File : nvt/secpod_ms_wordpad_mult_vuln.nasl |
| 2008-12-10 | Name : Vulnerabilities in GDI Could Allow Remote Code Execution (956802) File : nvt/secpod_ms08-071.nasl |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2009-A-0034 | Microsoft Windows HTTP Services Remote Code Execution Vulnerability Severity: Category I - VMSKEY: V0018756 |
| 2009-A-0032 | Multiple Vulnerabilities in WordPad and Office Text Converters Severity: Category I - VMSKEY: V0018752 |
| 2008-A-0086 | Microsoft GDI Remote Code Execution Vulnerabilities Severity: Category II - VMSKEY: V0017910 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2017-08-01 | Microsoft GDI WMF file parsing integer overflow attempt RuleID : 43362 - Type : FILE-IMAGE - Revision : 2 |
| 2017-08-01 | Microsoft GDI WMF file parsing integer overflow attempt RuleID : 43361 - Type : FILE-IMAGE - Revision : 2 |
| 2017-08-01 | Microsoft GDI WMF file parsing integer overflow attempt RuleID : 43360 - Type : FILE-IMAGE - Revision : 2 |
| 2017-08-01 | Microsoft GDI WMF file parsing integer overflow attempt RuleID : 43359 - Type : FILE-IMAGE - Revision : 2 |
| 2014-06-19 | Microsoft Office Word WordPerfect converter buffer overflow attempt RuleID : 31032 - Type : FILE-OFFICE - Revision : 2 |
| 2014-06-19 | Microsoft Office Word WordPerfect converter buffer overflow attempt RuleID : 31031 - Type : FILE-OFFICE - Revision : 2 |
| 2014-01-10 | possible SMB replay attempt - overlapping encryption keys detected RuleID : 17723 - Type : OS-WINDOWS - Revision : 12 |
| 2014-01-10 | Microsoft Internet Explorer 7/8 execute local file in Internet zone redirect ... RuleID : 16423 - Type : BROWSER-IE - Revision : 14 |
| 2014-01-10 | Telnet-based NTLM replay attack attempt RuleID : 15847 - Type : OS-WINDOWS - Revision : 14 |
| 2014-01-10 | IIS ASP/ASP.NET potentially malicious file upload attempt RuleID : 15470 - Type : FILE-EXECUTABLE - Revision : 8 |
| 2014-01-10 | Microsoft Office WordPad WordPerfect 6.x converter buffer overflow attempt RuleID : 15466 - Type : FILE-OFFICE - Revision : 13 |
| 2014-01-10 | WinHTTP SSL/TLS impersonation attempt RuleID : 15456 - Type : SERVER-OTHER - Revision : 6 |
| 2014-01-10 | SMB replay attempt via NTLMSSP - overlapping encryption keys detected RuleID : 15453 - Type : OS-WINDOWS - Revision : 16 |
| 2014-01-10 | Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt RuleID : 15227 - Type : OS-WINDOWS - Revision : 11 |
| 2014-01-10 | Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt RuleID : 15226 - Type : OS-WINDOWS - Revision : 11 |
| 2014-01-10 | Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt RuleID : 15225 - Type : OS-WINDOWS - Revision : 13 |
| 2014-01-10 | Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt RuleID : 15224 - Type : OS-WINDOWS - Revision : 13 |
| 2014-01-10 | Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt RuleID : 15223 - Type : OS-WINDOWS - Revision : 11 |
| 2014-01-10 | Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt RuleID : 15222 - Type : OS-WINDOWS - Revision : 11 |
| 2014-01-10 | Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt RuleID : 15221 - Type : OS-WINDOWS - Revision : 13 |
| 2014-01-10 | Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt RuleID : 15220 - Type : OS-WINDOWS - Revision : 16 |
| 2014-01-10 | Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow att... RuleID : 15219 - Type : OS-WINDOWS - Revision : 11 |
| 2014-01-10 | Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt RuleID : 15218 - Type : OS-WINDOWS - Revision : 13 |
| 2014-01-10 | Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow att... RuleID : 15217 - Type : OS-WINDOWS - Revision : 13 |
| 2014-01-10 | Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt RuleID : 15216 - Type : OS-WINDOWS - Revision : 11 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2009-04-15 | Name: It is possible to execute arbitrary code on the remote Windows host using a t... File: smb_nt_ms09-010.nasl - Type: ACT_GATHER_INFO |
| 2009-04-15 | Name: A local user can elevate his privileges on the remote host. File: smb_nt_ms09-012.nasl - Type: ACT_GATHER_INFO |
| 2009-04-15 | Name: The remote host contains an API that is affected by multiple vulnerabilities. File: smb_nt_ms09-013.nasl - Type: ACT_GATHER_INFO |
| 2009-04-15 | Name: Arbitrary code can be executed on the remote host through a web browser. File: smb_nt_ms09-014.nasl - Type: ACT_GATHER_INFO |
| 2009-01-13 | Name: It may be possible to execute arbitrary code on the remote host due to a flaw... File: smb_nt_ms09-001.nasl - Type: ACT_GATHER_INFO |
| 2008-12-10 | Name: Arbitrary code can be executed on the remote host through the Microsoft GDI r... File: smb_nt_ms08-071.nasl - Type: ACT_GATHER_INFO |
