This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Microsoft
Product: Windows Xp
Version: *
Update: sp1
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
Type: Os
First view: 2005-05-02
Last view: 2017-06-22
 
CPE Product cpe:2.3:o:microsoft:windows_xp

Activity : Overall

Related : CVE

  Date Alert Description
8.1 2017-06-22 CVE-2017-0176

A buffer overflow in Smart Card authentication code in gpkcsp.dll in Microsoft Windows XP through SP3 and Server 2003 through SP2 allows a remote attacker to execute arbitrary code on the target computer, provided that the computer is joined in a Windows domain and has Remote Desktop Protocol connectivity (or Terminal Services) enabled.

4.9 2010-05-06 CVE-2010-1735

The SfnLOGONNOTIFY function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x4c value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.

4.9 2010-05-06 CVE-2010-1734

The SfnINSTRING function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x18d value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.

9.3 2009-07-29 CVE-2009-1919

Microsoft Internet Explorer 5.01 SP4 and 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle attempts to access deleted objects in memory, which allows remote attackers to execute arbitrary code via an HTML document containing embedded style sheets that modify unspecified rule properties that cause the behavior element to be "improperly processed," aka "Uninitialized Memory Corruption Vulnerability."

7.2 2009-04-15 CVE-2009-0078

The Windows Management Instrumentation (WMI) provider in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows WMI Service Isolation Vulnerability."

7.1 2008-10-20 CVE-2008-4609

The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.

7.1 2008-06-11 CVE-2008-1440

Microsoft Windows XP SP2 and SP3, and Server 2003 SP1 and SP2, does not properly validate the option length field in Pragmatic General Multicast (PGM) packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted PGM packet, aka the "PGM Invalid Length Vulnerability."

7.1 2007-09-27 CVE-2007-5133

Microsoft Windows Explorer (explorer.exe) allows user-assisted remote attackers to cause a denial of service (CPU consumption) via a certain PNG file with a large tEXt chunk that possibly triggers an integer overflow in PNG chunk size handling, as demonstrated by badlycrafted.png.

10 2007-04-10 CVE-2007-1946

Integer overflow in Windows Explorer in Microsoft Windows XP SP1 might allow user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large width dimension in a crafted BMP image, as demonstrated by w4intof.bmp.

2.1 2005-05-02 CVE-2005-0904

Remote Desktop in Windows XP SP1 does not verify the "Force shutdown from a remote system" setting, which allows remote attackers to shut down the system by executing TSShutdn.exe.

CWE : Common Weakness Enumeration

% id Name
40% (4) CWE-20 Improper Input Validation
10% (1) CWE-399 Resource Management Errors
10% (1) CWE-264 Permissions, Privileges, and Access Controls
10% (1) CWE-189 Numeric Errors
10% (1) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
10% (1) CWE-94 Failure to Control Generation of Code ('Code Injection')
10% (1) CWE-16 Configuration

CAPEC : Common Attack Pattern Enumeration & Classification

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Name
CAPEC-3 Using Leading 'Ghost' Character Sequences to Bypass Input Filters
CAPEC-7 Blind SQL Injection
CAPEC-8 Buffer Overflow in an API Call
CAPEC-9 Buffer Overflow in Local Command-Line Utilities
CAPEC-10 Buffer Overflow via Environment Variables
CAPEC-13 Subverting Environment Variable Values
CAPEC-14 Client-side Injection-induced Buffer Overflow
CAPEC-18 Embedding Scripts in Nonscript Elements
CAPEC-22 Exploiting Trust in Client (aka Make the Client Invisible)
CAPEC-24 Filter Failure through Buffer Overflow
CAPEC-28 Fuzzing
CAPEC-31 Accessing/Intercepting/Modifying HTTP Cookies
CAPEC-32 Embedding Scripts in HTTP Query Strings
CAPEC-42 MIME Conversion
CAPEC-43 Exploiting Multiple Input Interpretation Layers
CAPEC-45 Buffer Overflow via Symbolic Links
CAPEC-46 Overflow Variables and Tags
CAPEC-47 Buffer Overflow via Parameter Expansion
CAPEC-52 Embedding NULL Bytes
CAPEC-53 Postfix, Null Terminate, and Backslash
CAPEC-63 Simple Script Injection
CAPEC-64 Using Slashes and URL Encoding Combined to Bypass Validation Logic
CAPEC-66 SQL Injection
CAPEC-67 String Format Overflow in syslog()
CAPEC-71 Using Unicode Encoding to Bypass Validation Logic

Open Source Vulnerability Database (OSVDB)

id Description
64058 Microsoft Windows win32k.sys SfnINSTRING() Local DoS
64057 Microsoft Windows win32k.sys SfnLOGONNOTIFY() Local DoS
62144 F5 Multiple Products TCP/IP Implementation Queue Connection Saturation TCP St...
61133 Citrix Multiple Products TCP/IP Implementation Queue Connection Saturation TC...
59482 Blue Coat Multiple Products TCP/IP Implementation Queue Connection Saturation...
58614 McAfee Email and Web Security Appliance TCP/IP Implementation Queue Connectio...
58321 Check Point Multiple Products TCP/IP Implementation Queue Connection Saturati...
58189 Yamaha RT Series Routers TCP/IP Implementation Queue Connection Saturation TC...
57993 Solaris TCP/IP Implementation Queue Connection Saturation TCP State Table Rem...
57795 Microsoft Windows TCP/IP Implementation Queue Connection Saturation TCP State...
57794 Multiple BSD TCP/IP Implementation Queue Connection Saturation TCP State Tabl...
57793 Multiple Linux TCP/IP Implementation Queue Connection Saturation TCP State Ta...
56695 Microsoft IE HTML Embedded CSS Property Modification Memory Corruption
53666 Microsoft Windows Management Instrumentation (WMI) Service Isolation Local Pr...
50286 Cisco TCP/IP Implementation Queue Connection Saturation TCP State Table Remot...
46067 Microsoft Windows Pragmatic General Multicast (PGM) Packet Handling Remote DoS
45521 Microsoft Windows Explorer (explorer.exe) Malformed PNG Handling Remote DoS
41553 Microsoft Windows Explorer BMP Width Dimension Handling Overflow
15011 Microsoft Windows Remote Desktop TSShutdn.exe Unauthenticated Shutdown DoS

OpenVAS Exploits

id Description
2011-01-10 Name : Microsoft Pragmatic General Multicast (PGM) Denial of Service Vulnerability ...
File : nvt/gb_ms08-036.nasl
2010-05-13 Name : Microsoft Windows Kernel 'win32k.sys' Multiple DOS Vulnerabilities
File : nvt/gb_ms_win_kernel_win32k_sys_mult_dos_vuln.nasl
2009-09-10 Name : Microsoft Windows TCP/IP Remote Code Execution Vulnerability (967723)
File : nvt/secpod_ms09-048.nasl
2009-07-29 Name : Cumulative Security Update for Internet Explorer (972260)
File : nvt/secpod_ms09-034.nasl
2009-04-15 Name : Vulnerabilities in Windows Could Allow Elevation of Privilege (959454)
File : nvt/secpod_ms09-012.nasl
2008-09-04 Name : FreeBSD Ports: p5-Imager
File : nvt/freebsd_p5-Imager.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2008-T-0025 Microsoft Pragmatic General Multicast (PGM) Denial of Service Vulnerabilities
Severity: Category I - VMSKEY: V0016038

Snort® IPS/IDS

Date Description
2017-04-19 Microsoft Windows empty RDP cookie negotiation attempt
RuleID : 42255-community - Type : OS-WINDOWS - Revision : 4
2017-05-16 Microsoft Windows empty RDP cookie negotiation attempt
RuleID : 42255 - Type : OS-WINDOWS - Revision : 4
2014-01-10 Microsoft Windows TCP stack zero window size exploit attempt
RuleID : 16294 - Type : OS-WINDOWS - Revision : 15
2014-01-10 TCP window closed before receiving data
RuleID : 15912 - Type : OS-WINDOWS - Revision : 9
2014-01-10 Microsoft Internet Explorer CSS handling memory corruption attempt
RuleID : 15732 - Type : BROWSER-IE - Revision : 12
2014-01-10 IIS ASP/ASP.NET potentially malicious file upload attempt
RuleID : 15470 - Type : FILE-EXECUTABLE - Revision : 8
2014-01-10 Microsoft Windows PGM denial of service attempt
RuleID : 13827 - Type : OS-WINDOWS - Revision : 13

Nessus® Vulnerability Scanner

id Description
2017-06-14 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_june_xp_2003.nasl - Type: ACT_GATHER_INFO
2014-10-10 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL10509.nasl - Type: ACT_GATHER_INFO
2010-09-01 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20090908-tcp24http.nasl - Type: ACT_GATHER_INFO
2009-09-08 Name: Multiple vulnerabilities in the Windows TCP/IP implementation could lead to d...
File: smb_nt_ms09-048.nasl - Type: ACT_GATHER_INFO
2009-07-28 Name: Arbitrary code can be executed on the remote host through a web browser.
File: smb_nt_ms09-034.nasl - Type: ACT_GATHER_INFO
2009-04-15 Name: A local user can elevate his privileges on the remote host.
File: smb_nt_ms09-012.nasl - Type: ACT_GATHER_INFO
2008-06-10 Name: An unauthenticated attacker can crash the remote host.
File: smb_nt_ms08-036.nasl - Type: ACT_GATHER_INFO
2007-05-02 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_632c98beaad24af2849f41a6862afd6a.nasl - Type: ACT_GATHER_INFO
2005-03-24 Name: It is possible to shutdown the remote host.
File: smb_nt_889323.nasl - Type: ACT_GATHER_INFO