This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Microsoft
Product: Windows Xp
Version: *
Update: sp2
Edition: media_center
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
Type: Os
First view: 2000-04-14
Last view: 2010-05-06
 
CPE Product cpe:2.3:o:microsoft:windows_xp

Related : CVE

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
4.9 2010-05-06 CVE-2010-1735

The SfnLOGONNOTIFY function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x4c value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.

4.9 2010-05-06 CVE-2010-1734

The SfnINSTRING function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x18d value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.

7.1 2008-10-20 CVE-2008-4609

The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.

7.1 2007-09-27 CVE-2007-5133

Microsoft Windows Explorer (explorer.exe) allows user-assisted remote attackers to cause a denial of service (CPU consumption) via a certain PNG file with a large tEXt chunk that possibly triggers an integer overflow in PNG chunk size handling, as demonstrated by badlycrafted.png.

7.1 2007-06-06 CVE-2007-2237

Microsoft Windows Graphics Device Interface (GDI+, GdiPlus.dll) allows context-dependent attackers to cause a denial of service (crash) via an ICO file with an InfoHeader containing a Height of zero, which triggers a divide-by-zero error.

9.3 2007-04-30 CVE-2007-2374

Unspecified vulnerability in Microsoft Windows 2000, XP, and Server 2003 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source.

7.1 2007-03-16 CVE-2007-1492

winmm.dll in Microsoft Windows XP allows user-assisted remote attackers to cause a denial of service (infinite loop) via a large cch argument value to the mmioRead function, as demonstrated by a crafted WAV file.

4.6 2007-02-22 CVE-2007-0843

The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a directory with LIST (READ) access and using ReadDirectoryChangesW to monitor changes of files that do not have LIST permissions, which can be leveraged to determine filenames, access times, and other sensitive information.

6.9 2006-12-21 CVE-2006-6696

Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted data, which sends a HardError message to Client/Server Runtime Server Subsystem (CSRSS) process, which is not properly handled when invoking the UserHardError and GetHardErrorText functions in WINSRV.DLL.

4.3 2006-09-12 CVE-2006-0032

Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7.

5 2006-07-26 CVE-2006-3880

** DISPUTED ** Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Small Business Server 2003 allow remote attackers to cause a denial of service (IP stack hang) via a continuous stream of packets on TCP port 135 that have incorrect TCP header checksums and random numbers in certain TCP header fields, as demonstrated by the Achilles Windows Attack Tool. NOTE: the researcher reports that the Microsoft Security Response Center has stated "Our investigation which has included code review, review of the TCPDump, and attempts on reproing the issue on multiple fresh installs of various Windows Operating Systems have all resulted in non confirmation."

5.4 2006-07-05 CVE-2006-3351

Buffer overflow in Windows Explorer (explorer.exe) on Windows XP and 2003 allows user-assisted attackers to cause a denial of service (repeated crash) and possibly execute arbitrary code via a .url file with an InternetShortcut tag containing a long URL and a large number of "file:" specifiers.

9.3 2006-06-13 CVE-2006-2379

Buffer overflow in the TCP/IP Protocol driver in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via unknown vectors related to IP source routing.

6.8 2006-06-13 CVE-2006-2378

Buffer overflow in the ART Image Rendering component (jgdw400.dll) in Microsoft Windows XP SP1 and SP2, Server 2003 SP1 and earlier, and Windows 98 and Me allows remote attackers to execute arbitrary code via a crafted ART image that causes heap corruption.

7.5 2006-06-13 CVE-2006-2371

Buffer overflow in the Remote Access Connection Manager service (RASMAN) service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," that lead to registry corruption and stack corruption, aka the "RASMAN Registry Corruption Vulnerability."

7.5 2006-06-13 CVE-2006-2370

Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," aka the "RRAS Memory Corruption Vulnerability."

6.8 2006-06-13 CVE-2006-1313

Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will "release objects early" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary code.

5.1 2006-04-11 CVE-2006-0012

Unspecified vulnerability in Windows Explorer in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via attack vectors involving COM objects and "crafted files and directories," aka the "Windows Shell Vulnerability."

5.1 2006-04-03 CVE-2006-1591

Heap-based buffer overflow in Microsoft Windows Help winhlp32.exe allows user-assisted attackers to execute arbitrary code via crafted embedded image data in a .hlp file.

7.8 2006-02-14 CVE-2006-0021

Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote attackers to cause a denial of service (hang) via an IGMP packet with an invalid IP option, aka the "IGMP v3 DoS Vulnerability."

7.2 2006-02-14 CVE-2006-0008

The ShellAbout API call in Korean Input Method Editor (IME) in Korean versions of Microsoft Windows XP SP1 and SP2, Windows Server 2003 up to SP1, and Office 2003, allows local users to gain privileges by launching the "shell about dialog box" and clicking the "End-User License Agreement" link, which executes Notepad with the privileges of the program that displays the about box.

9.3 2006-02-14 CVE-2006-0005

Buffer overflow in the plug-in for Microsoft Windows Media Player (WMP) 9 and 10, when used in browsers other than Internet Explorer and set as the default application to handle media files, allows remote attackers to execute arbitrary code via HTML with an EMBED element containing a long src attribute.

9.3 2006-01-10 CVE-2006-0010

Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type (EOT) web font that triggers the overflow during decompression.

7.5 2006-01-09 CVE-2006-0143

Microsoft Windows Graphics Rendering Engine (GRE) allows remote attackers to corrupt memory and cause a denial of service (crash) via a WMF file containing (1) ExtCreateRegion or (2) ExtEscape function calls with arguments with inconsistent lengths.

2.1 2005-12-31 CVE-2005-4697

The Microsoft Wireless Zero Configuration system (WZCS) allows local users to access WEP keys and pair-wise Master Keys (PMK) of the WPA pre-shared key via certain calls to the WZCQueryInterface API function in wzcsapi.dll.

CWE : Common Weakness Enumeration

% id Name
31% (5) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
18% (3) CWE-399 Resource Management Errors
18% (3) CWE-20 Improper Input Validation
12% (2) CWE-264 Permissions, Privileges, and Access Controls
6% (1) CWE-189 Numeric Errors
6% (1) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
6% (1) CWE-16 Configuration

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-21 Exploitation of Session Variables, Resource IDs and other Trusted Credentials
CAPEC-47 Buffer Overflow via Parameter Expansion
CAPEC-59 Session Credential Falsification through Prediction
CAPEC-60 Reusing Session IDs (aka Session Replay)
CAPEC-75 Manipulating Writeable Configuration Files
CAPEC-76 Manipulating Input to File System Calls
CAPEC-89 Pharming
CAPEC-111 JSON Hijacking (aka JavaScript Hijacking)

SAINT Exploits

Description
Windows RRAS memory corruption vulnerability
Windows WMF handling vulnerability
Windows Media Player plugin EMBED buffer overflow
Windows RASMAN registry corruption vulnerability

Open Source Vulnerability Database (OSVDB)

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
64058 Microsoft Windows win32k.sys SfnINSTRING() Local DoS
64057 Microsoft Windows win32k.sys SfnLOGONNOTIFY() Local DoS
62144 F5 Multiple Products TCP/IP Implementation Queue Connection Saturation TCP St...
61133 Citrix Multiple Products TCP/IP Implementation Queue Connection Saturation TC...
59482 Blue Coat Multiple Products TCP/IP Implementation Queue Connection Saturation...
59241 Microsoft Windows CreateRemoteThread Function Arbitrary Writeable Process Ter...
58614 McAfee Email and Web Security Appliance TCP/IP Implementation Queue Connectio...
58321 Check Point Multiple Products TCP/IP Implementation Queue Connection Saturati...
58189 Yamaha RT Series Routers TCP/IP Implementation Queue Connection Saturation TC...
57993 Solaris TCP/IP Implementation Queue Connection Saturation TCP State Table Rem...
57795 Microsoft Windows TCP/IP Implementation Queue Connection Saturation TCP State...
57794 Multiple BSD TCP/IP Implementation Queue Connection Saturation TCP State Tabl...
57793 Multiple Linux TCP/IP Implementation Queue Connection Saturation TCP State Ta...
50286 Cisco TCP/IP Implementation Queue Connection Saturation TCP State Table Remot...
45521 Microsoft Windows Explorer (explorer.exe) Malformed PNG Handling Remote DoS
38494 Microsoft Windows Graphics Device Interface (GDI+, GdiPlus.dll) ICO Handling DoS
35637 Microsoft Windows Unspecified Remote Code Execution
34101 Microsoft Windows XP winmm.dll mmioRead Function DoS
33474 Microsoft Windows ReadDirectoryChangesW API Function File System Information ...
31659 Microsoft Windows CSRSS MessageBox Function Privilege Escalation
29409 Microsoft Windows TCP 135 Crafted Packet Saturation DoS
28729 Microsoft Windows Indexing Service Unspecified XSS
28372 Microsoft Windows Explorer URL Passing Recursive file Tag Local DoS
26437 Microsoft Windows RRAS RASMAN Remote Overflow
26436 Microsoft Windows RASMAN RPC Request Remote Overflow

ExploitDB Exploits

id Description
4044 MS Windows GDI+ ICO File Remote Denial of Service Exploit
1065 MS Windows (SMB) Transaction Response Handling Exploit (MS05-011)
1019 MS Windows COM Structured Storage Local Exploit (MS05-012)

OpenVAS Exploits

id Description
2011-01-14 Name : Microsoft Windows CSRSS CSRFinalizeContext Local Privilege Escalation Vulnera...
File : nvt/gb_ms07-021.nasl
2010-05-13 Name : Microsoft Windows Kernel 'win32k.sys' Multiple DOS Vulnerabilities
File : nvt/gb_ms_win_kernel_win32k_sys_mult_dos_vuln.nasl
2009-09-10 Name : Microsoft Windows TCP/IP Remote Code Execution Vulnerability (967723)
File : nvt/secpod_ms09-048.nasl
2005-11-03 Name : IE 5.01 5.5 6.0 Cumulative patch (890923)
File : nvt/smb_nt_ms02-005.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2005-A-0001 Multiple Vulnerabilities in Microsoft Windows
Severity: Category I - VMSKEY: V0005996

Snort® IPS/IDS

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2014-01-10 Microsoft Agent v1.5 ActiveX function call access
RuleID : 8856 - Type : BROWSER-PLUGINS - Revision : 12
2014-01-10 Microsoft Agent v1.5 ActiveX clsid unicode access
RuleID : 8855 - Type : WEB-ACTIVEX - Revision : 7
2014-01-10 Indexing Service ciRestriction cross-site scripting attempt
RuleID : 8349 - Type : SERVER-IIS - Revision : 8
2014-01-10 HTML Help ActiveX CLSID unicode access
RuleID : 7441 - Type : WEB-ACTIVEX - Revision : 6
2014-01-10 Microsoft Windows Explorer invalid url file overflow attempt
RuleID : 7022 - Type : OS-WINDOWS - Revision : 15
2014-01-10 SMB v4 rras RasRpcSetUserPreferences WriteAndX andx callback number overflow ...
RuleID : 7001 - Type : NETBIOS - Revision : 5
2014-01-10 SMB-DS rras RasRpcSetUserPreferences WriteAndX unicode little endian andx cal...
RuleID : 7000 - Type : NETBIOS - Revision : 7
2014-01-10 SMB rras RasRpcSetUserPreferences WriteAndX little endian andx callback numbe...
RuleID : 6999 - Type : NETBIOS - Revision : 7
2014-01-10 SMB-DS v4 rras RasRpcSetUserPreferences WriteAndX little endian andx callback...
RuleID : 6998 - Type : NETBIOS - Revision : 5
2014-01-10 SMB-DS rras RasRpcSetUserPreferences WriteAndX little endian andx callback nu...
RuleID : 6997 - Type : NETBIOS - Revision : 7
2014-01-10 SMB rras RasRpcSetUserPreferences WriteAndX unicode little endian andx callba...
RuleID : 6996 - Type : NETBIOS - Revision : 7
2014-01-10 SMB rras RasRpcSetUserPreferences WriteAndX andx callback number overflow att...
RuleID : 6995 - Type : NETBIOS - Revision : 7
2014-01-10 SMB rras RasRpcSetUserPreferences unicode andx callback number overflow attempt
RuleID : 6994 - Type : NETBIOS - Revision : 7
2014-01-10 SMB rras RasRpcSetUserPreferences andx callback number overflow attempt
RuleID : 6993 - Type : NETBIOS - Revision : 7
2014-01-10 SMB-DS rras RasRpcSetUserPreferences andx callback number overflow attempt
RuleID : 6992 - Type : NETBIOS - Revision : 7
2014-01-10 SMB rras RasRpcSetUserPreferences little endian andx callback number overflow...
RuleID : 6991 - Type : NETBIOS - Revision : 7
2014-01-10 SMB v4 rras RasRpcSetUserPreferences WriteAndX unicode andx callback number o...
RuleID : 6990 - Type : NETBIOS - Revision : 5
2014-01-10 SMB-DS rras RasRpcSetUserPreferences unicode andx callback number overflow at...
RuleID : 6989 - Type : NETBIOS - Revision : 7
2014-01-10 SMB-DS rras RasRpcSetUserPreferences unicode little endian andx callback numb...
RuleID : 6988 - Type : NETBIOS - Revision : 7
2014-01-10 SMB-DS rras RasRpcSetUserPreferences little endian andx callback number overf...
RuleID : 6987 - Type : NETBIOS - Revision : 7
2014-01-10 SMB-DS rras RasRpcSetUserPreferences WriteAndX unicode andx callback number o...
RuleID : 6986 - Type : NETBIOS - Revision : 7
2014-01-10 SMB-DS rras RasRpcSetUserPreferences WriteAndX andx callback number overflow ...
RuleID : 6985 - Type : NETBIOS - Revision : 7
2014-01-10 SMB v4 rras RasRpcSetUserPreferences andx callback number overflow attempt
RuleID : 6984 - Type : NETBIOS - Revision : 5
2014-01-10 SMB rras RasRpcSetUserPreferences unicode andx object call callback number ov...
RuleID : 6983 - Type : NETBIOS - Revision : 7
2014-01-10 SMB rras RasRpcSetUserPreferences andx object call callback number overflow a...
RuleID : 6982 - Type : NETBIOS - Revision : 7

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2014-10-10 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL10509.nasl - Type: ACT_GATHER_INFO
2010-09-01 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20090908-tcp24http.nasl - Type: ACT_GATHER_INFO
2009-09-08 Name: Multiple vulnerabilities in the Windows TCP/IP implementation could lead to d...
File: smb_nt_ms09-048.nasl - Type: ACT_GATHER_INFO
2007-04-10 Name: Arbitrary code can be executed on the remote host through the web browser.
File: smb_nt_ms07-021.nasl - Type: ACT_GATHER_INFO
2006-09-12 Name: The remote web server is vulnerable to a cross-site scripting attack.
File: smb_nt_ms06-053.nasl - Type: ACT_GATHER_INFO
2006-06-13 Name: It is possible to execute code on the remote host.
File: smb_kb911280.nasl - Type: ACT_GATHER_INFO
2006-06-13 Name: It is possible to execute code on the remote host.
File: smb_nt_ms06-032.nasl - Type: ACT_GATHER_INFO
2006-06-13 Name: It is possible to execute code on the remote host.
File: smb_nt_ms06-025.nasl - Type: ACT_GATHER_INFO
2006-06-13 Name: Arbitrary code can be executed on the remote host through the web or email cl...
File: smb_nt_ms06-023.nasl - Type: ACT_GATHER_INFO
2006-06-13 Name: Arbitrary code can be executed on the remote host through the web client.
File: smb_nt_ms06-022.nasl - Type: ACT_GATHER_INFO
2006-04-11 Name: Vulnerabilities in the Windows Explorer could allow an attacker to execute ar...
File: smb_nt_ms06-015.nasl - Type: ACT_GATHER_INFO
2006-02-14 Name: A local user may elevate his privileges.
File: smb_nt_ms06-009.nasl - Type: ACT_GATHER_INFO
2006-02-14 Name: It is possible to crash the remote host due to a flaw in the TCP/IP stack.
File: smb_nt_ms06-007.nasl - Type: ACT_GATHER_INFO
2006-02-14 Name: Arbitrary code can be executed on the remote host through Media Player.
File: smb_nt_ms06-006.nasl - Type: ACT_GATHER_INFO
2006-01-10 Name: Arbitrary code can be executed on the remote host by sending a malformed file...
File: smb_nt_ms06-002.nasl - Type: ACT_GATHER_INFO
2006-01-05 Name: Arbitrary code can be executed on the remote host by sending a malformed file...
File: smb_nt_ms06-001.nasl - Type: ACT_GATHER_INFO
2005-10-11 Name: A flaw in the remote network connection manager could allow an attacker to ca...
File: smb_nt_ms05-045.nasl - Type: ACT_GATHER_INFO
2005-06-14 Name: Arbitrary code can be executed on the remote host through the web client.
File: smb_nt_ms05-026.nasl - Type: ACT_GATHER_INFO
2005-06-14 Name: It is possible to spoof the content of a website.
File: smb_nt_ms05-032.nasl - Type: ACT_GATHER_INFO
2005-06-14 Name: Arbitrary code can be executed on the remote host through the training software.
File: smb_nt_ms05-031.nasl - Type: ACT_GATHER_INFO
2005-04-12 Name: A local user can elevate his privileges on the remote host.
File: smb_nt_ms05-018.nasl - Type: ACT_GATHER_INFO
2005-04-12 Name: Arbitrary code can be executed on the remote host through the web client.
File: smb_nt_ms05-016.nasl - Type: ACT_GATHER_INFO
2005-02-08 Name: Arbitrary code can be executed on the remote host through the web client.
File: smb_nt_ms05-015.nasl - Type: ACT_GATHER_INFO
2005-02-08 Name: Arbitrary code can be executed on the remote host through the web client.
File: smb_nt_ms05-013.nasl - Type: ACT_GATHER_INFO
2005-02-08 Name: Arbitrary code can be executed on the remote host through Explorer.
File: smb_nt_ms05-012.nasl - Type: ACT_GATHER_INFO