This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Microsoft
First view: 2006-02-14
Product: Windows Xp
Last view: 2010-02-04
Version: *
Type: Os
Update: *
Edition: x64
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
 
CPE Product cpe:2.3:o:microsoft:windows_xp

Related : CVE

Score Date Alert Description
9.3 2010-02-04 CVE-2010-0555

Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and read arbitrary files via vectors involving the product's use of text/html as the default content type for files that are encountered after a redirection, aka the URLMON sniffing vulnerability, a variant of CVE-2009-1140 and related to CVE-2008-1448.

7.1 2009-03-10 CVE-2009-0085

The Secure Channel (aka SChannel) authentication component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, when certificate authentication is used, does not properly validate the client's key exchange data in Transport Layer Security (TLS) handshake messages, which allows remote attackers to spoof authentication by crafting a TLS packet based on knowledge of the certificate but not the private key, aka "SChannel Spoofing Vulnerability."

7.2 2009-03-10 CVE-2009-0083

The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 does not properly handle invalid pointers, which allows local users to gain privileges via an application that triggers use of a crafted pointer, aka "Windows Kernel Invalid Pointer Vulnerability."

7.2 2009-03-10 CVE-2009-0082

The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate handles, which allows local users to gain privileges via a crafted application that triggers unspecified "actions," aka "Windows Kernel Handle Validation Vulnerability."

9.3 2009-03-10 CVE-2009-0081

The graphics device interface (GDI) implementation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate input received from user mode, which allows remote attackers to execute arbitrary code via a crafted (1) Windows Metafile (aka WMF) or (2) Enhanced Metafile (aka EMF) image file, aka "Windows Kernel Input Validation Vulnerability."

8.3 2008-06-11 CVE-2008-1453

The Bluetooth stack in Microsoft Windows XP SP2 and SP3, and Vista Gold and SP1, allows physically proximate attackers to execute arbitrary code via a large series of Service Discovery Protocol (SDP) packets.

9.3 2008-04-08 CVE-2008-1087

Stack-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF image file with crafted filename parameters, aka "GDI Stack Overflow Vulnerability."

7.2 2008-04-08 CVE-2008-1084

Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, through Vista SP1, and Server 2008 allows local users to execute arbitrary code via unknown vectors related to improper input validation. NOTE: it was later reported that one affected function is NtUserFnOUTSTRING in win32k.sys.

9.3 2008-04-08 CVE-2008-0083

The (1) VBScript (VBScript.dll) and (2) JScript (JScript.dll) scripting engines 5.1 and 5.6, as used in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, do not properly decode script, which allows remote attackers to execute arbitrary code via unknown vectors.

7.1 2007-09-27 CVE-2007-5133

Microsoft Windows Explorer (explorer.exe) allows user-assisted remote attackers to cause a denial of service (CPU consumption) via a certain PNG file with a large tEXt chunk that possibly triggers an integer overflow in PNG chunk size handling, as demonstrated by badlycrafted.png.

9.3 2006-02-14 CVE-2006-0005

Buffer overflow in the plug-in for Microsoft Windows Media Player (WMP) 9 and 10, when used in browsers other than Internet Explorer and set as the default application to handle media files, allows remote attackers to execute arbitrary code via HTML with an EMBED element containing a long src attribute.

CWE : Common Weakness Enumeration

% id Name
36% (4) CWE-20 Improper Input Validation
18% (2) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
18% (2) CWE-94 Failure to Control Generation of Code ('Code Injection')
9% (1) CWE-399 Resource Management Errors
9% (1) CWE-287 Improper Authentication
9% (1) CWE-189 Numeric Errors

SAINT Exploits

Description
Windows GDI EMF filename buffer overflow
Windows Media Player plugin EMBED buffer overflow

Open Source Vulnerability Database (OSVDB)

id Description
62157 Microsoft IE text/html Content Type URLMON Sniffing Arbitrary File Access
52524 Microsoft Windows Invalid Pointer Local Privilege Escalation
52523 Microsoft Windows Handle Validation Local Privilege Escalation
52522 Microsoft Windows GDI Kernel Component Unspecified Remote Code Execution
52521 Microsoft Windows SChannel Certificate Based Authentication Spoofing Bypass
46061 Microsoft Windows Bluetooth SDP Packet Processing Remote Code Execution
45521 Microsoft Windows Explorer (explorer.exe) Malformed PNG Handling Remote DoS
44215 Microsoft Windows GDI EMF Filename Parameter Handling Overflow
44211 Microsoft Vbscript.dll VBScript Decoding Code Execution
44210 Microsoft Jscript.dll JScript Arbitrary Code Execution
44206 Microsoft Windows Kernel Unspecified Privilege Escalation
23132 Microsoft Windows Media Player Plug-in Malformed EMBED Element Arbitrary Code...

OpenVAS Exploits

Date Description
2011-01-10 Name : Microsoft Windows Kernel Usermode Callback Local Privilege Elevation Vulnerab...
File : nvt/gb_ms08-025.nasl
2009-03-11 Name : Vulnerabilities in Windows Kernel Could Allow Remote Code Execution (958690)
File : nvt/secpod_ms09-006.nasl
2009-03-11 Name : Vulnerability in SChannel Could Allow Spoofing (960225)
File : nvt/secpod_ms09-007.nasl
2008-09-30 Name : Bluetooth Stack Could Allow Remote Code Execution Vulnerability (951376)
File : nvt/gb_ms08-030.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2009-A-0019 Microsoft Windows Secure Channel Vulnerability
Severity: Category II - VMSKEY: V0018549
2008-B-0049 Microsoft Bluetooth Stack Remote Code Execution Vulnerability (951376)
Severity: Category I - VMSKEY: V0016051
2008-B-0034 Microsoft VBScript and JScript Scripting Engines Remote Code Execution
Severity: Category II - VMSKEY: V0015940

Snort® IPS/IDS

Date Description
2014-01-10 Microsoft Windows Media Player Plugin for Non-IE browsers buffer overflow att...
RuleID : 5710 - Type : OS-WINDOWS - Revision : 17
2019-09-05 Microsoft Windows GDI EMF parsing arbitrary code execution attempt
RuleID : 50885 - Type : FILE-OTHER - Revision : 1
2019-09-05 Microsoft Windows GDI EMF parsing arbitrary code execution attempt
RuleID : 50884 - Type : FILE-OTHER - Revision : 1
2014-01-10 Microsoft Windows IIS SChannel improper certificate verification
RuleID : 17431 - Type : SERVER-IIS - Revision : 12
2014-01-10 Microsoft Internet Explorer 7/8 execute local file in Internet zone redirect ...
RuleID : 16423 - Type : BROWSER-IE - Revision : 14
2014-01-10 Microsoft Internet Explorer EMF polyline overflow attempt
RuleID : 15300 - Type : BROWSER-IE - Revision : 9
2014-01-10 Microsoft Windows GDI emf filename buffer overflow attempt
RuleID : 13676 - Type : OS-WINDOWS - Revision : 10
2014-01-10 Microsoft Windows vbscript/jscript scripting engine end buffer overflow attempt
RuleID : 13449 - Type : OS-WINDOWS - Revision : 13
2014-01-10 Microsoft Windows vbscript/jscript scripting engine begin buffer overflow att...
RuleID : 13448 - Type : OS-WINDOWS - Revision : 9

Nessus® Vulnerability Scanner

Date Description
2009-03-11 Name: It is possible to execute arbitrary code on the remote host.
File: smb_nt_ms09-006.nasl - Type: ACT_GATHER_INFO
2009-03-11 Name: It may be possible to spoof user identities.
File: smb_nt_ms09-007.nasl - Type: ACT_GATHER_INFO
2008-06-11 Name: Arbitrary code can be executed on the remote host through Bluetooth.
File: smb_nt_ms08-030.nasl - Type: ACT_GATHER_INFO
2008-04-08 Name: Arbitrary code can be executed on the remote host by sending a malformed file...
File: smb_nt_ms08-021.nasl - Type: ACT_GATHER_INFO
2008-04-08 Name: Arbitrary code can be executed on the remote host through the web or email cl...
File: smb_nt_ms08-022.nasl - Type: ACT_GATHER_INFO
2008-04-08 Name: A local user can elevate his privileges on the remote host.
File: smb_nt_ms08-025.nasl - Type: ACT_GATHER_INFO
2006-02-14 Name: Arbitrary code can be executed on the remote host through Media Player.
File: smb_nt_ms06-006.nasl - Type: ACT_GATHER_INFO