This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Microsoft
First view: 2000-04-14
Product: Windows Xp
Last view: 2008-10-20
Version: *
Type: Os
Update: sp2
Edition: home
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
 
CPE Product cpe:2.3:o:microsoft:windows_xp

Activity : Overall

Related : CVE

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
7.1 2008-10-20 CVE-2008-4609

The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.

7.1 2007-06-06 CVE-2007-2237

Microsoft Windows Graphics Device Interface (GDI+, GdiPlus.dll) allows context-dependent attackers to cause a denial of service (crash) via an ICO file with an InfoHeader containing a Height of zero, which triggers a divide-by-zero error.

9.3 2007-04-30 CVE-2007-2374

Unspecified vulnerability in Microsoft Windows 2000, XP, and Server 2003 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source.

7.1 2007-03-16 CVE-2007-1492

winmm.dll in Microsoft Windows XP allows user-assisted remote attackers to cause a denial of service (infinite loop) via a large cch argument value to the mmioRead function, as demonstrated by a crafted WAV file.

4.6 2007-02-22 CVE-2007-0843

The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a directory with LIST (READ) access and using ReadDirectoryChangesW to monitor changes of files that do not have LIST permissions, which can be leveraged to determine filenames, access times, and other sensitive information.

6.9 2006-12-21 CVE-2006-6696

Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted data, which sends a HardError message to Client/Server Runtime Server Subsystem (CSRSS) process, which is not properly handled when invoking the UserHardError and GetHardErrorText functions in WINSRV.DLL.

4.3 2006-09-12 CVE-2006-0032

Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7.

5 2006-07-26 CVE-2006-3880

** DISPUTED ** Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Small Business Server 2003 allow remote attackers to cause a denial of service (IP stack hang) via a continuous stream of packets on TCP port 135 that have incorrect TCP header checksums and random numbers in certain TCP header fields, as demonstrated by the Achilles Windows Attack Tool. NOTE: the researcher reports that the Microsoft Security Response Center has stated "Our investigation which has included code review, review of the TCPDump, and attempts on reproing the issue on multiple fresh installs of various Windows Operating Systems have all resulted in non confirmation."

5.4 2006-07-05 CVE-2006-3351

Buffer overflow in Windows Explorer (explorer.exe) on Windows XP and 2003 allows user-assisted attackers to cause a denial of service (repeated crash) and possibly execute arbitrary code via a .url file with an InternetShortcut tag containing a long URL and a large number of "file:" specifiers.

9.3 2006-06-13 CVE-2006-2379

Buffer overflow in the TCP/IP Protocol driver in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via unknown vectors related to IP source routing.

6.8 2006-06-13 CVE-2006-2378

Buffer overflow in the ART Image Rendering component (jgdw400.dll) in Microsoft Windows XP SP1 and SP2, Server 2003 SP1 and earlier, and Windows 98 and Me allows remote attackers to execute arbitrary code via a crafted ART image that causes heap corruption.

7.5 2006-06-13 CVE-2006-2371

Buffer overflow in the Remote Access Connection Manager (RASMAN) service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," that lead to registry corruption and stack corruption, aka the "RASMAN Registry Corruption Vulnerability."

7.5 2006-06-13 CVE-2006-2370

Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," aka the "RRAS Memory Corruption Vulnerability."

6.8 2006-06-13 CVE-2006-1313

Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will "release objects early" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary code.

5.1 2006-04-11 CVE-2006-0012

Unspecified vulnerability in Windows Explorer in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via attack vectors involving COM objects and "crafted files and directories," aka the "Windows Shell Vulnerability."

5.1 2006-04-03 CVE-2006-1591

Heap-based buffer overflow in Microsoft Windows Help winhlp32.exe allows user-assisted attackers to execute arbitrary code via crafted embedded image data in a .hlp file.

7.8 2006-02-14 CVE-2006-0021

Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote attackers to cause a denial of service (hang) via an IGMP packet with an invalid IP option, aka the "IGMP v3 DoS Vulnerability."

6.5 2006-02-14 CVE-2006-0013

Buffer overflow in the Web Client service (WebClnt.dll) for Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote authenticated users or Guests to execute arbitrary code via crafted RPC requests, a different vulnerability than CVE-2005-1207.

7.2 2006-02-14 CVE-2006-0008

The ShellAbout API call in Korean Input Method Editor (IME) in Korean versions of Microsoft Windows XP SP1 and SP2, Windows Server 2003 up to SP1, and Office 2003, allows local users to gain privileges by launching the "shell about dialog box" and clicking the "End-User License Agreement" link, which executes Notepad with the privileges of the program that displays the about box.

9.3 2006-01-10 CVE-2006-0010

Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type (EOT) web font that triggers the overflow during decompression.

7.5 2006-01-09 CVE-2006-0143

Microsoft Windows Graphics Rendering Engine (GRE) allows remote attackers to corrupt memory and cause a denial of service (crash) via a WMF file containing (1) ExtCreateRegion or (2) ExtEscape function calls with arguments with inconsistent lengths.

2.1 2005-12-31 CVE-2005-4697

The Microsoft Wireless Zero Configuration system (WZCS) allows local users to access WEP keys and pair-wise Master Keys (PMK) of the WPA pre-shared key via certain calls to the WZCQueryInterface API function in wzcsapi.dll.

2.1 2005-12-31 CVE-2005-4696

The Microsoft Wireless Zero Configuration system (WZCS) stores WEP keys and pair-wise Master Keys (PMK) of the WPA pre-shared key in plaintext in memory of the explorer process, which allows attackers with access to process memory to steal the keys and access the network.

7.5 2005-12-28 CVE-2005-4560

The Windows Graphical Device Interface library (GDI32.DLL) in Microsoft Windows allows remote attackers to execute arbitrary code via a Windows Metafile (WMF) format image with a crafted SETABORTPROC GDI Escape function call, related to the Windows Picture and Fax Viewer (SHIMGVW.DLL), a different vulnerability than CVE-2005-2123 and CVE-2005-2124, and as originally discovered in the wild on unionseek.com.

4.9 2005-12-04 CVE-2005-3981

** DISPUTED ** NOTE: this issue has been disputed by third parties. Microsoft Windows XP, 2000, and 2003 allows local users to kill a writable process by using the CreateRemoteThread function with certain arguments on a process that has been opened using the OpenProcess function, possibly involving an invalid address for the start routine. NOTE: followup posts have disputed this issue, saying that if a user already has privileges to write to a process, then other functions could be called or the process could be terminated using PROCESS_TERMINATE.

CWE : Common Weakness Enumeration

% id Name
36% (4) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
18% (2) CWE-399 Resource Management Errors
18% (2) CWE-264 Permissions, Privileges, and Access Controls
9% (1) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
9% (1) CWE-20 Improper Input Validation
9% (1) CWE-16 Configuration

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-21 Exploitation of Session Variables, Resource IDs and other Trusted Credentials
CAPEC-47 Buffer Overflow via Parameter Expansion
CAPEC-59 Session Credential Falsification through Prediction
CAPEC-60 Reusing Session IDs (aka Session Replay)
CAPEC-75 Manipulating Writeable Configuration Files
CAPEC-76 Manipulating Input to File System Calls
CAPEC-89 Pharming
CAPEC-111 JSON Hijacking (aka JavaScript Hijacking)

SAINT Exploits

Description
Windows RRAS memory corruption vulnerability
Windows WMF handling vulnerability
Windows RASMAN registry corruption vulnerability

Open Source Vulnerability Database (OSVDB)

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
62144 F5 Multiple Products TCP/IP Implementation Queue Connection Saturation TCP St...
61133 Citrix Multiple Products TCP/IP Implementation Queue Connection Saturation TC...
59482 Blue Coat Multiple Products TCP/IP Implementation Queue Connection Saturation...
59241 Microsoft Windows CreateRemoteThread Function Arbitrary Writeable Process Ter...
58614 McAfee Email and Web Security Appliance TCP/IP Implementation Queue Connectio...
58321 Check Point Multiple Products TCP/IP Implementation Queue Connection Saturati...
58189 Yamaha RT Series Routers TCP/IP Implementation Queue Connection Saturation TC...
57993 Solaris TCP/IP Implementation Queue Connection Saturation TCP State Table Rem...
57795 Microsoft Windows TCP/IP Implementation Queue Connection Saturation TCP State...
57794 Multiple BSD TCP/IP Implementation Queue Connection Saturation TCP State Tabl...
57793 Multiple Linux TCP/IP Implementation Queue Connection Saturation TCP State Ta...
50286 Cisco TCP/IP Implementation Queue Connection Saturation TCP State Table Remot...
38494 Microsoft Windows Graphics Device Interface (GDI+, GdiPlus.dll) ICO Handling DoS
35637 Microsoft Windows Unspecified Remote Code Execution
34101 Microsoft Windows XP winmm.dll mmioRead Function DoS
33474 Microsoft Windows ReadDirectoryChangesW API Function File System Information ...
31659 Microsoft Windows CSRSS MessageBox Function Privilege Escalation
29409 Microsoft Windows TCP 135 Crafted Packet Saturation DoS
28729 Microsoft Windows Indexing Service Unspecified XSS
28372 Microsoft Windows Explorer URL Passing Recursive file Tag Local DoS
26437 Microsoft Windows RRAS RASMAN Remote Overflow
26436 Microsoft Windows RASMAN RPC Request Remote Overflow
26434 Microsoft JScript Object Release Memory Corruption
26433 Microsoft Windows TCP/IP Protocol Driver Source Routing Overflow
26432 Microsoft Windows jgdw400.dll ART Image Rendering Overflow

ExploitDB Exploits

id Description
4044 MS Windows GDI+ ICO File Remote Denial of Service Exploit
1065 MS Windows (SMB) Transaction Response Handling Exploit (MS05-011)
1019 MS Windows COM Structured Storage Local Exploit (MS05-012)

OpenVAS Exploits

id Description
2011-01-14 Name : Microsoft Windows CSRSS CSRFinalizeContext Local Privilege Escalation Vulnera...
File : nvt/gb_ms07-021.nasl
2009-09-10 Name : Microsoft Windows TCP/IP Remote Code Execution Vulnerability (967723)
File : nvt/secpod_ms09-048.nasl
2005-11-03 Name : IE 5.01 5.5 6.0 Cumulative patch (890923)
File : nvt/smb_nt_ms02-005.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2005-A-0001 Multiple Vulnerabilities in Microsoft Windows
Severity: Category I - VMSKEY: V0005996

Snort® IPS/IDS

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2014-01-10 Microsoft Agent v1.5 ActiveX function call access
RuleID : 8856 - Type : BROWSER-PLUGINS - Revision : 12
2014-01-10 Microsoft Agent v1.5 ActiveX clsid unicode access
RuleID : 8855 - Type : WEB-ACTIVEX - Revision : 7
2014-01-10 Indexing Service ciRestriction cross-site scripting attempt
RuleID : 8349 - Type : SERVER-IIS - Revision : 8
2014-01-10 SMB-DS webdav DavrCreateConnection WriteAndX unicode little endian andx objec...
RuleID : 8348 - Type : NETBIOS - Revision : 7
2014-01-10 SMB webdav DavrCreateConnection WriteAndX little endian andx object call user...
RuleID : 8347 - Type : NETBIOS - Revision : 7
2014-01-10 SMB-DS webdav DavrCreateConnection little endian andx username overflow attempt
RuleID : 8346 - Type : NETBIOS - Revision : 7
2014-01-10 SMB-DS webdav DavrCreateConnection WriteAndX little endian andx username over...
RuleID : 8345 - Type : NETBIOS - Revision : 7
2014-01-10 SMB-DS webdav DavrCreateConnection unicode little endian andx username overfl...
RuleID : 8344 - Type : NETBIOS - Revision : 7
2014-01-10 SMB webdav DavrCreateConnection unicode little endian andx username overflow ...
RuleID : 8343 - Type : NETBIOS - Revision : 7
2014-01-10 SMB webdav DavrCreateConnection little endian andx username overflow attempt
RuleID : 8342 - Type : NETBIOS - Revision : 7
2014-01-10 SMB webdav DavrCreateConnection WriteAndX unicode little endian andx username...
RuleID : 8341 - Type : NETBIOS - Revision : 7
2014-01-10 SMB-DS webdav DavrCreateConnection andx username overflow attempt
RuleID : 8340 - Type : NETBIOS - Revision : 7
2014-01-10 SMB webdav DavrCreateConnection WriteAndX andx username overflow attempt
RuleID : 8339 - Type : NETBIOS - Revision : 7
2014-01-10 SMB-DS webdav DavrCreateConnection WriteAndX andx username overflow attempt
RuleID : 8338 - Type : NETBIOS - Revision : 7
2014-01-10 SMB-DS webdav DavrCreateConnection WriteAndX unicode andx username overflow a...
RuleID : 8337 - Type : NETBIOS - Revision : 7
2014-01-10 SMB webdav DavrCreateConnection unicode andx username overflow attempt
RuleID : 8336 - Type : NETBIOS - Revision : 7
2014-01-10 SMB webdav DavrCreateConnection WriteAndX little endian andx username overflo...
RuleID : 8335 - Type : NETBIOS - Revision : 7
2014-01-10 SMB-DS webdav DavrCreateConnection WriteAndX unicode little endian andx usern...
RuleID : 8334 - Type : NETBIOS - Revision : 7
2014-01-10 SMB-DS webdav DavrCreateConnection unicode andx username overflow attempt
RuleID : 8333 - Type : NETBIOS - Revision : 7
2014-01-10 SMB-DS v4 webdav DavrCreateConnection little endian andx username overflow at...
RuleID : 8332 - Type : NETBIOS - Revision : 5
2014-01-10 SMB-DS v4 webdav DavrCreateConnection unicode little endian andx username ove...
RuleID : 8331 - Type : NETBIOS - Revision : 5
2014-01-10 SMB-DS v4 webdav DavrCreateConnection WriteAndX little endian andx username o...
RuleID : 8330 - Type : NETBIOS - Revision : 5
2014-01-10 SMB-DS v4 webdav DavrCreateConnection unicode andx username overflow attempt
RuleID : 8329 - Type : NETBIOS - Revision : 5
2014-01-10 SMB v4 webdav DavrCreateConnection WriteAndX unicode little endian andx usern...
RuleID : 8328 - Type : NETBIOS - Revision : 5
2014-01-10 SMB-DS v4 webdav DavrCreateConnection andx username overflow attempt
RuleID : 8327 - Type : NETBIOS - Revision : 5

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2014-10-10 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL10509.nasl - Type: ACT_GATHER_INFO
2010-09-01 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20090908-tcp24http.nasl - Type: ACT_GATHER_INFO
2009-09-08 Name: Multiple vulnerabilities in the Windows TCP/IP implementation could lead to d...
File: smb_nt_ms09-048.nasl - Type: ACT_GATHER_INFO
2007-04-10 Name: Arbitrary code can be executed on the remote host through the web browser.
File: smb_nt_ms07-021.nasl - Type: ACT_GATHER_INFO
2006-09-12 Name: The remote web server is vulnerable to a cross-site scripting attack.
File: smb_nt_ms06-053.nasl - Type: ACT_GATHER_INFO
2006-06-13 Name: It is possible to execute code on the remote host.
File: smb_kb911280.nasl - Type: ACT_GATHER_INFO
2006-06-13 Name: It is possible to execute code on the remote host.
File: smb_nt_ms06-032.nasl - Type: ACT_GATHER_INFO
2006-06-13 Name: It is possible to execute code on the remote host.
File: smb_nt_ms06-025.nasl - Type: ACT_GATHER_INFO
2006-06-13 Name: Arbitrary code can be executed on the remote host through the web or email cl...
File: smb_nt_ms06-023.nasl - Type: ACT_GATHER_INFO
2006-06-13 Name: Arbitrary code can be executed on the remote host through the web client.
File: smb_nt_ms06-022.nasl - Type: ACT_GATHER_INFO
2006-04-11 Name: Vulnerabilities in the Windows Explorer could allow an attacker to execute ar...
File: smb_nt_ms06-015.nasl - Type: ACT_GATHER_INFO
2006-02-15 Name: Arbitrary code can be executed on the remote host.
File: smb_kb911927.nasl - Type: ACT_GATHER_INFO
2006-02-14 Name: Arbitrary code can be executed on the remote host.
File: smb_nt_ms06-008.nasl - Type: ACT_GATHER_INFO
2006-02-14 Name: A local user may elevate his privileges.
File: smb_nt_ms06-009.nasl - Type: ACT_GATHER_INFO
2006-02-14 Name: It is possible to crash the remote host due to a flaw in the TCP/IP stack.
File: smb_nt_ms06-007.nasl - Type: ACT_GATHER_INFO
2006-01-10 Name: Arbitrary code can be executed on the remote host by sending a malformed file...
File: smb_nt_ms06-002.nasl - Type: ACT_GATHER_INFO
2006-01-05 Name: Arbitrary code can be executed on the remote host by sending a malformed file...
File: smb_nt_ms06-001.nasl - Type: ACT_GATHER_INFO
2005-10-11 Name: A flaw in the remote network connection manager could allow an attacker to ca...
File: smb_nt_ms05-045.nasl - Type: ACT_GATHER_INFO
2005-08-09 Name: It is possible to crash the remote desktop service.
File: smb_nt_ms05-041.nasl - Type: ACT_GATHER_INFO
2005-06-14 Name: Arbitrary code can be executed on the remote host through the training software.
File: smb_nt_ms05-031.nasl - Type: ACT_GATHER_INFO
2005-06-14 Name: It is possible to spoof the content of a website.
File: smb_nt_ms05-032.nasl - Type: ACT_GATHER_INFO
2005-06-14 Name: Arbitrary code can be executed on the remote host through the web client.
File: smb_nt_ms05-026.nasl - Type: ACT_GATHER_INFO
2005-04-12 Name: Arbitrary code can be executed on the remote host through the web client.
File: smb_nt_ms05-016.nasl - Type: ACT_GATHER_INFO
2005-04-12 Name: A local user can elevate his privileges on the remote host.
File: smb_nt_ms05-018.nasl - Type: ACT_GATHER_INFO
2005-02-08 Name: Arbitrary code can be executed on the remote host through the web client.
File: smb_nt_ms05-013.nasl - Type: ACT_GATHER_INFO