This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Microsoft First view 2006-11-06
Product Windows Xp Last view 2017-06-22
Version * Type Os
Update sp2  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:microsoft:windows_xp

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
8.1 2017-06-22 CVE-2017-0176

A buffer overflow in Smart Card authentication code in gpkcsp.dll in Microsoft Windows XP through SP3 and Server 2003 through SP2 allows a remote attacker to execute arbitrary code on the target computer, provided that the computer is joined in a Windows domain and has Remote Desktop Protocol connectivity (or Terminal Services) enabled.

7.2 2013-11-27 CVE-2013-5065

NDProxy.sys in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in November 2013.

9.3 2013-08-14 CVE-2013-3181

usp10.dll in the Unicode Scripts Processor in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "Uniscribe Font Parsing Engine Memory Corruption Vulnerability."

6.9 2013-05-24 CVE-2013-3660

The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does not properly initialize a pointer for the next object in a certain list, which allows local users to obtain write access to the PATHRECORD chain, and consequently gain privileges, by triggering excessive consumption of paged memory and then making many FlattenPath function calls, aka "Win32k Read AV Vulnerability."

10 2012-12-11 CVE-2012-4786

The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a crafted TrueType Font (TTF) file, aka "TrueType Font Parsing Vulnerability."

7.2 2012-05-08 CVE-2012-0181

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly manage Keyboard Layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout File Vulnerability."

9.3 2012-05-08 CVE-2012-0159

Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview; Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Silverlight 4 before 4.1.10329; and Silverlight 5 before 5.1.10411 allow remote attackers to execute arbitrary code via a crafted TrueType font (TTF) file, aka "TrueType Font Parsing Vulnerability."

9.3 2011-12-30 CVE-2011-5046

The Graphics Device Interface (GDI) in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted data, as demonstrated by a large height attribute of an IFRAME element rendered by Safari, aka "GDI Access Violation Vulnerability."

9.3 2011-12-13 CVE-2011-3397

The Microsoft Time component in DATIME.DLL in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted web site that leverages an unspecified "binary behavior" in Internet Explorer, aka "Microsoft Time Remote Code Execution Vulnerability."

7.2 2011-12-13 CVE-2011-2018

The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1 does not properly initialize objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Exception Handler Vulnerability."

9.3 2011-11-04 CVE-2011-3402

Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka "TrueType Font Parsing Vulnerability."

9.3 2011-10-11 CVE-2011-1247

Untrusted search path vulnerability in the Microsoft Active Accessibility component in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Active Accessibility Insecure Library Loading Vulnerability."

7.5 2011-04-13 CVE-2011-0657

DNSAPI.dll in the DNS client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process DNS queries, which allows remote attackers to execute arbitrary code via (1) a crafted LLMNR broadcast query or (2) a crafted application, aka "DNS Query Vulnerability."

7.6 2011-04-13 CVE-2010-3974

fxscover.exe in the Fax Cover Page Editor in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly parse FAX cover pages, which allows remote attackers to execute arbitrary code via a crafted .cov file, aka "Fax Cover Page Editor Memory Corruption Vulnerability."

4.3 2010-06-15 CVE-2010-2265

Cross-site scripting (XSS) vulnerability in the GetServerName function in sysinfo/commonFunc.js in Microsoft Windows Help and Support Center for Windows XP and Windows Server 2003 allows remote attackers to inject arbitrary web script or HTML via the svr parameter to sysinfo/sysinfomain.htm. NOTE: this can be leveraged with CVE-2010-1885 to execute arbitrary commands without user interaction.

9.3 2010-06-15 CVE-2010-1885

The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents whitelist (fromHCP option) and execute arbitrary commands via a crafted hcp:// URL, aka "Help Center URL Validation Vulnerability."

6.8 2010-06-08 CVE-2010-1255

The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 allows local users to execute arbitrary code via vectors related to "glyph outline information" and TrueType fonts, aka "Win32k TrueType Font Parsing Vulnerability."

7.2 2010-06-08 CVE-2010-0819

Unspecified vulnerability in the Windows OpenType Compact Font Format (CFF) driver in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users to execute arbitrary code via unknown vectors related to improper validation when copying data from user mode to kernel mode, aka "OpenType CFF Font Driver Memory Corruption Vulnerability."

9.3 2010-06-08 CVE-2010-0811

Multiple unspecified vulnerabilities in the Microsoft Internet Explorer 8 Developer Tools ActiveX control in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via unknown vectors that "corrupt the system state," aka "Microsoft Internet Explorer 8 Developer Tools Vulnerability."

6.8 2010-06-08 CVE-2010-0485

The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 "do not properly validate all callback parameters when creating a new window," which allows local users to execute arbitrary code, aka "Win32k Window Creation Vulnerability."

6.8 2010-06-08 CVE-2010-0484

The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 "do not properly validate changes in certain kernel objects," which allows local users to execute arbitrary code via vectors related to Device Contexts (DC) and the GetDCEx function, aka "Win32k Improper Data Validation Vulnerability."

4.9 2010-05-06 CVE-2010-1735

The SfnLOGONNOTIFY function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x4c value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.

4.9 2010-05-06 CVE-2010-1734

The SfnINSTRING function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x18d value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.

6.4 2010-04-14 CVE-2010-0812

Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to bypass intended IPv4 source-address restrictions via a mismatched IPv6 source address in a tunneled ISATAP packet, aka "ISATAP IPv6 Source Address Spoofing Vulnerability."

9.3 2010-04-14 CVE-2010-0487

The Authenticode Signature verification functionality in cabview.dll in Cabinet File Viewer Shell Extension 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows remote attackers to execute arbitrary code via a modified cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka "Cabview Corruption Validation Vulnerability."

CWE : Common Weakness Enumeration

%idName
22% (31) CWE-20 Improper Input Validation
19% (27) CWE-94 Failure to Control Generation of Code ('Code Injection')
15% (21) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
12% (17) CWE-264 Permissions, Privileges, and Access Controls
11% (16) CWE-189 Numeric Errors
10% (14) CWE-399 Resource Management Errors
2% (3) CWE-362 Race Condition
1% (2) CWE-310 Cryptographic Issues
1% (2) CWE-200 Information Exposure
1% (2) CWE-16 Configuration
0% (1) CWE-287 Improper Authentication
0% (1) CWE-255 Credentials Management
0% (1) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
0% (1) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
0% (1) CWE-78 Improper Sanitization of Special Elements used in an OS Command ('O...

CAPEC : Common Attack Pattern Enumeration & Classification

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Name
CAPEC-2 Inducing Account Lockout
CAPEC-3 Using Leading 'Ghost' Character Sequences to Bypass Input Filters
CAPEC-7 Blind SQL Injection
CAPEC-8 Buffer Overflow in an API Call
CAPEC-9 Buffer Overflow in Local Command-Line Utilities
CAPEC-10 Buffer Overflow via Environment Variables
CAPEC-13 Subverting Environment Variable Values
CAPEC-14 Client-side Injection-induced Buffer Overflow
CAPEC-18 Embedding Scripts in Nonscript Elements
CAPEC-22 Exploiting Trust in Client (aka Make the Client Invisible)
CAPEC-24 Filter Failure through Buffer Overflow
CAPEC-28 Fuzzing
CAPEC-31 Accessing/Intercepting/Modifying HTTP Cookies
CAPEC-32 Embedding Scripts in HTTP Query Strings
CAPEC-42 MIME Conversion
CAPEC-43 Exploiting Multiple Input Interpretation Layers
CAPEC-45 Buffer Overflow via Symbolic Links
CAPEC-46 Overflow Variables and Tags
CAPEC-47 Buffer Overflow via Parameter Expansion
CAPEC-52 Embedding NULL Bytes
CAPEC-53 Postfix, Null Terminate, and Backslash
CAPEC-63 Simple Script Injection
CAPEC-64 Using Slashes and URL Encoding Combined to Bypass Validation Logic
CAPEC-66 SQL Injection
CAPEC-67 String Format Overflow in syslog()

SAINT Exploits

Description Link
Internet Explorer iepeers.dll use-after-free vulnerability More info here
Microsoft Jet Engine MDB file ColumnName buffer overflow More info here
Windows Server Service buffer overflow MS08-067 More info here
Microsoft Windows Movie Maker IsValidWMToolsStream buffer overflow More info here
Internet Explorer WinINet credential reflection vulnerability More info here
Microsoft WordPad Word97 text converter buffer overflow More info here
Internet Explorer Tabular Data Control DataURL memory corruption More info here
Windows GDI EMF filename buffer overflow More info here
Microsoft DirectX DirectShow QuickTime movie parsing vulnerability More info here
Windows Animated Cursor Header buffer overflow More info here
Windows Help and Support Center -FromHCP URL whitelist bypass More info here
Windows GDI Privilege Elevation More info here
Microsoft Office Art Property Table Memory Corruption More info here

Open Source Vulnerability Database (OSVDB)

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
77908 Microsoft Windows win32k.sys Safari IFRAME Height Attribute Handling Remote M...
77666 Microsoft Windows Kernel Exception Handler Local Privilege Escalation
77665 Microsoft Time ActiveX (DATIME.DLL) Unspecified IE Web Page Handling Remote C...
76843 Microsoft Windows Win32k TrueType Font Handling Privilege Escalation
76231 Microsoft Windows Active Accessibility Path Subversion Arbitrary DLL Injectio...
71780 Microsoft Windows DNS Client Service LLMNR Query Processing Remote Code Execu...
71775 Microsoft Windows Fax Cover Page Editor Memory Corruption
65529 Microsoft Windows Help and Support Center sysinfo/sysinfomain.htm svr Paramet...
65264 Microsoft Windows hcp:// Protocol Handler MPC::HexToNum() Function String Mis...
65225 Microsoft Windows Kernel-Mode Driver Window Creation Local Privilege Escalation
65224 Microsoft Windows Kernel-Mode Driver Win32k.sys GetDCEx() Function Device Con...
65223 Microsoft Windows Kernel-Mode Driver TrueType Font Parsing Local Privilege Es...
65218 Microsoft IE 8 Developer Tools ActiveX Remote Code Execution
65217 Microsoft Windows OpenType Compact Font Format (CFF) Driver Privilege Escalation
64925 Microsoft Windows SMB Client Unspecified Response Handling Memory Corruption ...
64058 Microsoft Windows win32k.sys SfnINSTRING() Local DoS
64057 Microsoft Windows win32k.sys SfnLOGONNOTIFY() Local DoS
63765 Microsoft Windows Media Player ActiveX fourCC Compression Code Codec Retrieva...
63749 Microsoft Windows MPEG Layer-3 Audio Decoder AVI File Handling Overflow
63747 Microsoft Windows ISATAP Component IPv6 Tunneled Packet IP Address Spoofing W...
63746 Microsoft Windows Authenticode Signature Verification Cabview Manipulation Pr...
63745 Microsoft Windows Authenticode WinVerifyTrust Signature Manipulation Validati...
63736 Microsoft Windows Kernel Symbolic Link Value Processing Unspecified Local DoS
63733 Microsoft Windows Kernel Registry Link Symbolic Link Extraction Local Privile...
63731 Microsoft Windows Kernel Registry Hive Symbolic Link Creation Local Privilege...

ExploitDB Exploits

id Description
30392 Microsoft Windows ndproxy.sys - Local Privilege Escalation
30014 Windows NDPROXY Local SYSTEM Privilege Escalation
26554 Windows EPATHOBJ::pprFlattenRec Local Privilege Escalation
17659 MS10-026 Microsoft MPEG Layer-3 Audio Stack Based Overflow
16590 Internet Explorer DHTML Behaviors Use After Free
15266 Windows NTLM Weak Nonce Vulnerability
14895 MOAUB #5 - Microsoft MPEG Layer-3 Remote Command Execution Exploit
14886 MOAUB #4 - Movie Maker Remote Code Execution (MS10-016)
14608 Microsoft Windows CreateWindow Function Callback Vulnerability (MS10-048)
12273 Windows 7/2008R2 SMB Client Trans2 Stack Overflow 10-020 PoC
12032 Microsoft Internet Explorer Tabular Data Control ActiveX Remote Code Execution
11683 Microsoft Internet Explorer iepeers.dll Use-After-Free Exploit (meta)
4044 MS Windows GDI+ ICO File Remote Denial of Service Exploit

OpenVAS Exploits

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2012-12-12 Name : Microsoft Windows Kernel-Mode Drivers Remote Code Execution Vulnerabilities (...
File : nvt/secpod_ms12-078.nasl
2012-06-13 Name : Microsoft Lync Remote Code Execution Vulnerabilities (2707956)
File : nvt/secpod_ms12-039.nasl
2012-05-14 Name : Microsoft Silverlight Code Execution Vulnerabilities - 2681578 (Mac OS X)
File : nvt/secpod_ms12-034_macosx.nasl
2012-05-09 Name : MS Security Update For Microsoft Office, .NET Framework, and Silverlight (268...
File : nvt/secpod_ms12-034.nasl
2012-02-15 Name : Windows Kernel-Mode Drivers Remote Code Execution Vulnerabilities (2660465)
File : nvt/secpod_ms12-008.nasl
2011-12-14 Name : Microsoft Windows Time Component Remote Code Execution Vulnerability (2618451)
File : nvt/secpod_ms11-090.nasl
2011-12-14 Name : Windows Kernel-Mode Drivers Remote Code Execution Vulnerabilities (2567053)
File : nvt/secpod_ms11-087.nasl
2011-12-13 Name : Microsoft Windows Kernel Privilege Elevation Vulnerability (2633171)
File : nvt/secpod_ms11-098.nasl
2011-11-07 Name : Microsoft Windows TrueType Font Parsing Privilege Elevation Vulnerability
File : nvt/gb_ms_truetype_font_privilege_elevation_vuln.nasl
2011-10-12 Name : Microsoft Active Accessibility Remote Code Execution Vulnerability (2623699)
File : nvt/secpod_ms11-075.nasl
2011-04-13 Name : Microsoft IE Developer Tools WMITools and Windows Messenger ActiveX Control V...
File : nvt/secpod_ms11-027.nasl
2011-04-13 Name : Microsoft DNS Resolution Remote Code Execution Vulnerability (2509553)
File : nvt/secpod_ms11-030.nasl
2011-04-13 Name : Windows Fax Cover Page Editor Remote Code Execution Vulnerability (2527308)
File : nvt/secpod_ms11-024.nasl
2011-01-18 Name : Microsoft Products GDI Plus Remote Code Execution Vulnerabilities (954593)
File : nvt/gb_ms08-052.nasl
2011-01-14 Name : Vulnerability in RPC Could Allow Denial of Service (933729)
File : nvt/gb_ms07-058.nasl
2011-01-14 Name : Vulnerabilities in GDI Could Allow Remote Code Execution (925902)
File : nvt/gb_ms07-017.nasl
2011-01-13 Name : Microsoft Windows TCP/IP Remote Code Execution Vulnerabilities (941644)
File : nvt/gb_ms08-001.nasl
2011-01-10 Name : Microsoft Pragmatic General Multicast (PGM) Denial of Service Vulnerability ...
File : nvt/gb_ms08-036.nasl
2011-01-10 Name : Microsoft Windows Kernel Usermode Callback Local Privilege Elevation Vulnerab...
File : nvt/gb_ms08-025.nasl
2010-10-22 Name : Microsoft Windows SMB Server NTLM Multiple Vulnerabilities (971468)
File : nvt/secpod_ms10-012-remote.nasl
2010-07-14 Name : Microsoft Help and Support Center Remote Code Execution Vulnerability (2229593)
File : nvt/secpod_ms10-042.nasl
2010-07-08 Name : Microsoft Windows GDI Multiple Vulnerabilities (925902)
File : nvt/ms07-017.nasl
2010-06-11 Name : MS Windows Help and Support Center Remote Code Execution Vulnerability
File : nvt/gb_ms_windows_help_n_support_center_code_exec_vuln.nasl
2010-06-09 Name : Microsoft Windows OpenType Compact Font Format Driver Privilege Escalation Vu...
File : nvt/secpod_ms10-037.nasl
2010-06-09 Name : Microsoft Data Analyzer and IE Developer Tools ActiveX Control Vulnerability ...
File : nvt/secpod_ms10-034.nasl

Information Assurance Vulnerability Management (IAVM)

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2014-A-0004 Microsoft Windows Kernel Privilege Escalation Vulnerability
Severity: Category II - VMSKEY: V0043405
2013-A-0164 Microsoft Windows Unicode Scripts Processor Remote Code Execution Vulnerability
Severity: Category II - VMSKEY: V0040037
2012-A-0079 Combined Security Update for Microsoft Office Windows .NET Framework and Silv...
Severity: Category I - VMSKEY: V0032304
2011-A-0167 Microsoft Cumulative Security Update of ActiveX Kill Bits
Severity: Category II - VMSKEY: V0030830
2011-A-0138 Microsoft Active Accessibility Remote Code Execution Vulnerability
Severity: Category II - VMSKEY: V0030402
2011-A-0039 Microsoft DNS Resolution Remote Code Execution Vulnerability
Severity: Category I - VMSKEY: V0026514
2011-B-0045 Microsoft Windows Fax Cover Page Editor Vulnerability
Severity: Category II - VMSKEY: V0026509
2010-A-0095 Microsoft Help and Support Center Remote Code Execution Vulnerability
Severity: Category II - VMSKEY: V0024848
2010-B-0030 Microsoft Windows ISATAP Spoofing Vulnerability
Severity: Category I - VMSKEY: V0023956
2010-A-0053 Microsoft MPEG Layer-3 Codecs Remote Code Execution Vulnerability
Severity: Category II - VMSKEY: V0023999
2010-A-0052 Microsoft Windows Media Player Remote Code Execution Vulnerability
Severity: Category II - VMSKEY: V0024002
2010-A-0029 Microsoft Windows Shell Handler Remote Code Execution Vulnerability
Severity: Category II - VMSKEY: V0022683
2010-B-0014 Microsoft Paint Remote Code Execution Vulnerability
Severity: Category II - VMSKEY: V0022674
2009-A-0126 Microsoft Internet Authentication Service Remote Code Execution Vulnerability
Severity: Category II - VMSKEY: V0022101
2009-A-0128 Microsoft WordPad and Office Text Converters Remote Code Execution Vulnerability
Severity: Category II - VMSKEY: V0021551
2009-A-0095 Multiple Vulnerabilities in Microsoft Windows CryptoAPI
Severity: Category I - VMSKEY: V0021760
2009-A-0099 Multiple Vulnerabilities in Microsoft GDI+
Severity: Category I - VMSKEY: V0021759
2009-A-0097 Multiple Vulnerabilities in Microsoft Active Template Library
Severity: Category II - VMSKEY: V0021756
2009-B-0053 Microsoft Indexing Services Remote Code Execution Vulnerability
Severity: Category I - VMSKEY: V0021750
2009-B-0054 Microsoft Windows Local Security Authority Subsystem Service (LSASS) Denial o...
Severity: Category I - VMSKEY: V0021747
2009-A-0091 Multiple Vulnerabilities in Microsoft Windows Media Runtime
Severity: Category II - VMSKEY: V0021744
2009-A-0077 Multiple Microsoft TCP/IP Remote Code Execution Vulnerabilities
Severity: Category I - VMSKEY: V0019917
2009-A-0067 Multiple Vulnerabilities in Microsoft Active Template Library
Severity: Category II - VMSKEY: V0019882
2009-B-0033 Multiple Vulnerabilities in Visual Studio Active Template Library
Severity: Category II - VMSKEY: V0019798
2009-A-0049 Microsoft Windows AFD Driver Local Privilege Escalation Vulnerability
Severity: Category I - VMSKEY: V0019589

Snort® IPS/IDS

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2014-01-10 Microsoft Agent v1.5 ActiveX function call access
RuleID : 8856 - Type : BROWSER-PLUGINS - Revision : 12
2014-01-10 Microsoft Agent v1.5 ActiveX clsid unicode access
RuleID : 8855 - Type : WEB-ACTIVEX - Revision : 7
2014-01-10 Microsoft Agent v2.0 ActiveX function call access
RuleID : 8854 - Type : BROWSER-PLUGINS - Revision : 14
2014-01-10 Microsoft Agent v2.0 ActiveX clsid unicode access
RuleID : 8853 - Type : WEB-ACTIVEX - Revision : 8
2014-01-10 Microsoft Agent v2.0 ActiveX clsid access
RuleID : 8852 - Type : BROWSER-PLUGINS - Revision : 15
2014-01-10 Microsoft Agent Custom Proxy Class ActiveX clsid unicode access
RuleID : 8851 - Type : WEB-ACTIVEX - Revision : 7
2014-01-10 Microsoft Agent Custom Proxy Class ActiveX clsid access
RuleID : 8850 - Type : BROWSER-PLUGINS - Revision : 13
2014-01-10 Microsoft Agent Notify Sink Custom Proxy Class ActiveX clsid unicode access
RuleID : 8849 - Type : WEB-ACTIVEX - Revision : 7
2014-01-10 Microsoft Agent Notify Sink Custom Proxy Class ActiveX clsid access
RuleID : 8848 - Type : BROWSER-PLUGINS - Revision : 13
2014-01-10 Microsoft Agent Character Custom Proxy Class ActiveX clsid unicode access
RuleID : 8847 - Type : WEB-ACTIVEX - Revision : 7
2014-01-10 Microsoft Agent Character Custom Proxy Class ActiveX clsid access
RuleID : 8846 - Type : BROWSER-PLUGINS - Revision : 13
2014-01-10 HTML Help ActiveX clsid unicode access
RuleID : 7440 - Type : WEB-ACTIVEX - Revision : 8
2014-01-10 Microsoft Internet Explorer HTML Help ActiveX clsid access
RuleID : 7439 - Type : BROWSER-PLUGINS - Revision : 16
2014-01-10 Microsoft Multiple Products malformed PNG detected tEXt overflow attempt
RuleID : 6700 - Type : FILE-IMAGE - Revision : 20
2014-01-10 Microsoft Windows wmf file arbitrary code execution attempt
RuleID : 5318 - Type : FILE-MULTIMEDIA - Revision : 20
2020-03-19 Microsoft Windows Data Analyzer 3.5 ActiveX clsid access
RuleID : 53118 - Type : BROWSER-PLUGINS - Revision : 1
2020-03-19 Microsoft Windows Data Analyzer 3.5 ActiveX use-after-free attempt
RuleID : 53117 - Type : BROWSER-PLUGINS - Revision : 1
2020-03-19 Microsoft Windows Data Analyzer 3.5 ActiveX use-after-free attempt
RuleID : 53116 - Type : BROWSER-PLUGINS - Revision : 1
2019-12-03 Microsoft Windows GDI+ EMF buffer overwrite attempt
RuleID : 52035 - Type : OS-WINDOWS - Revision : 1
2019-12-03 Microsoft Windows GDI+ EMF buffer overwrite attempt
RuleID : 52034 - Type : OS-WINDOWS - Revision : 1
2019-12-03 Microsoft Windows GDI+ EMF buffer overwrite attempt
RuleID : 52033 - Type : OS-WINDOWS - Revision : 1
2019-12-03 Microsoft Windows GDI+ EMF buffer overwrite attempt
RuleID : 52032 - Type : OS-WINDOWS - Revision : 1
2019-12-03 Microsoft Windows GDI+ EMF buffer overwrite attempt
RuleID : 52031 - Type : OS-WINDOWS - Revision : 1
2019-12-03 Microsoft Windows GDI+ EMF buffer overwrite attempt
RuleID : 52030 - Type : OS-WINDOWS - Revision : 1
2019-10-10 Microsoft Windows WordPad and Office text converter integer overflow attempt
RuleID : 51473 - Type : FILE-OFFICE - Revision : 1

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2018-04-03 Name: The remote web server may allow remote code execution.
File: iis_7_pci.nasl - Type: ACT_GATHER_INFO
2017-06-14 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_june_xp_2003.nasl - Type: ACT_GATHER_INFO
2014-10-10 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL10509.nasl - Type: ACT_GATHER_INFO
2014-03-10 Name: Arbitrary code can be executed on the remote host through the Microsoft GDI r...
File: smb_kb957488.nasl - Type: ACT_GATHER_INFO
2014-03-05 Name: The DNS server running on the remote host is vulnerable to DNS spoofing attacks.
File: ms_dns_kb951746.nasl - Type: ACT_GATHER_INFO
2014-01-14 Name: The Windows kernel on the remote host is affected by a privilege escalation v...
File: smb_nt_ms14-002.nasl - Type: ACT_GATHER_INFO
2013-08-14 Name: It is possible to execute arbitrary code on the remote Windows host using the...
File: smb_nt_ms13-060.nasl - Type: ACT_GATHER_INFO
2013-07-10 Name: The Windows kernel on the remote host is affected by multiple vulnerabilities.
File: smb_nt_ms13-053.nasl - Type: ACT_GATHER_INFO
2012-12-11 Name: The remote Windows host is affected by remote code execution vulnerabilities.
File: smb_nt_ms12-078.nasl - Type: ACT_GATHER_INFO
2012-06-13 Name: Arbitrary code can be executed on the remote host through Microsoft Lync.
File: smb_nt_ms12-039.nasl - Type: ACT_GATHER_INFO
2012-05-09 Name: A multimedia application framework installed on the remote Mac OS X host is a...
File: macosx_ms12-034.nasl - Type: ACT_GATHER_INFO
2012-05-09 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms12-034.nasl - Type: ACT_GATHER_INFO
2012-02-14 Name: The remote Windows kernel is affected by multiple remote code execution vulne...
File: smb_nt_ms12-008.nasl - Type: ACT_GATHER_INFO
2011-12-13 Name: The remote Windows kernel is affected by a remote code execution vulnerability.
File: smb_nt_ms11-087.nasl - Type: ACT_GATHER_INFO
2011-12-13 Name: The remote Windows host is missing an update that disables selected ActiveX c...
File: smb_nt_ms11-090.nasl - Type: ACT_GATHER_INFO
2011-12-13 Name: The Windows kernel is affected by a vulnerability that could result in privil...
File: smb_nt_ms11-098.nasl - Type: ACT_GATHER_INFO
2011-10-11 Name: The remote Windows host contains a component that could allow remote code exe...
File: smb_nt_ms11-075.nasl - Type: ACT_GATHER_INFO
2011-04-21 Name: Arbitrary code can be executed on the remote host through the installed Windo...
File: llmnr-ms11-030.nasl - Type: ACT_GATHER_INFO
2011-04-13 Name: A fax cover page editor on the remote host has a memory corruption vulnerabil...
File: smb_nt_ms11-024.nasl - Type: ACT_GATHER_INFO
2011-04-13 Name: The remote Windows host is missing an update that disables selected ActiveX c...
File: smb_nt_ms11-027.nasl - Type: ACT_GATHER_INFO
2011-04-13 Name: Arbitrary code can be executed on the remote host through the installed Windo...
File: smb_nt_ms11-030.nasl - Type: ACT_GATHER_INFO
2011-01-27 Name: The remote SuSE 10 host is missing a security-related patch.
File: suse_flash-player-6386.nasl - Type: ACT_GATHER_INFO
2010-10-11 Name: The remote SuSE 10 host is missing a security-related patch.
File: suse_java-1_5_0-ibm-6741.nasl - Type: ACT_GATHER_INFO
2010-09-13 Name: It is possible to execute arbitrary code on the remote Windows host due to fl...
File: smb_kb971468.nasl - Type: ACT_GATHER_INFO
2010-09-01 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20090908-tcp24http.nasl - Type: ACT_GATHER_INFO