Summary
Detail | | | |
---|---|---|---|
Vendor | Microsoft | First view | 2008-09-16 |
Product | Windows Xp | Last view | 2010-02-10 |
Version | * | Type | Os |
Update | sp2 | | |
Edition | pro_x64 | | |
Language | * | | |
Software Edition | * | | |
Target Software | * | | |
Target Hardware | * | | |
Other | * | | |
CPE Product | cpe:2.3:o:microsoft:windows_xp | | |
Activity : Overall
Related : CVE
Score | Date | CVE | Description |
---|---|---|---|
10 | 2010-02-10 | CVE-2010-0231 | The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not use a sufficient source of entropy, which allows remote attackers to obtain access to files and other SMB resources via a large number of authentication requests, related to server-generated challenges, certain "duplicate values," and spoofing of an authentication token, aka "SMB NTLM Authentication Lack of Entropy Vulnerability." |
7.8 | 2010-02-10 | CVE-2010-0022 | The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate the share and servername fields in SMB packets, which allows remote attackers to cause a denial of service (system hang) via a crafted packet, aka "SMB Null Pointer Vulnerability." |
7.1 | 2010-02-10 | CVE-2010-0021 | Multiple race conditions in the SMB implementation in the Server service in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allow remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 Negotiate packet, aka "SMB Memory Corruption Vulnerability." |
9 | 2010-02-10 | CVE-2010-0020 | The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate request fields, which allows remote authenticated users to execute arbitrary code via a malformed request, aka "SMB Pathname Overflow Vulnerability." |
9.3 | 2010-02-04 | CVE-2010-0555 | Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and read arbitrary files via vectors involving the product's use of text/html as the default content type for files that are encountered after a redirection, aka the URLMON sniffing vulnerability, a variant of CVE-2009-1140 and related to CVE-2008-1448. |
9.3 | 2009-08-12 | CVE-2009-1133 | Heap-based buffer overflow in Microsoft Remote Desktop Connection (formerly Terminal Services Client) running RDP 5.0 through 6.1 on Windows, and Remote Desktop Connection Client for Mac 2.0, allows remote attackers to execute arbitrary code via unspecified parameters, aka "Remote Desktop Connection Heap Overflow Vulnerability." |
9.3 | 2009-04-15 | CVE-2009-0550 | Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008; allows remote web servers to capture and replay NTLM credentials, and execute arbitrary code, via vectors related to absence of a "credential-reflection protections" opt-in step, aka "Windows HTTP Services Credential Reflection Vulnerability" and "WinINet Credential Reflection Vulnerability." |
5.8 | 2009-04-15 | CVE-2009-0089 | Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Vista Gold allows remote web servers to impersonate arbitrary https web sites by using DNS spoofing to "forward a connection" to a different https web site that has a valid certificate matching its own domain name, but not a certificate matching the domain name of the host requested by the user, aka "Windows HTTP Services Certificate Name Mismatch Vulnerability." |
9.3 | 2009-04-15 | CVE-2009-0088 | The WordPerfect 6.x Converter (WPFT632.CNV, 1998.1.27.0) in Microsoft Office Word 2000 SP3 and Microsoft Office Converter Pack does not properly validate the length of an unspecified string, which allows remote attackers to execute arbitrary code via a crafted WordPerfect 6.x file, related to an unspecified counter and control structures on the stack, aka "Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability." |
6.9 | 2009-04-15 | CVE-2009-0079 | The RPCSS service in Microsoft Windows XP SP2 and SP3 and Server 2003 SP1 and SP2 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows RPCSS Service Isolation Vulnerability." |
7.2 | 2009-04-15 | CVE-2009-0078 | The Windows Management Instrumentation (WMI) provider in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows WMI Service Isolation Vulnerability." |
10 | 2009-01-14 | CVE-2008-4835 | SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans2 request, related to "insufficiently validating the buffer size," aka "SMB Validation Remote Code Execution Vulnerability." |
9.3 | 2008-12-10 | CVE-2008-3465 | Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows context-dependent attackers to cause a denial of service or execute arbitrary code via a WMF file with a malformed file-size parameter, which would not be properly handled by a third-party application that uses this API for a copy operation, aka "GDI Heap Overflow Vulnerability." |
9.3 | 2008-12-10 | CVE-2008-2249 | Integer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a malformed header in a crafted WMF file, which triggers a buffer overflow, aka "GDI Integer Overflow Vulnerability." |
7.1 | 2008-09-16 | CVE-2008-4114 | srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via an SMB WRITE_ANDX packet with an offset that is inconsistent with the packet size, related to "insufficiently validating the buffer size," as demonstrated by a request to the \PIPE\lsarpc named pipe, aka "SMB Validation Denial of Service Vulnerability." |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
26% (4) | CWE-20 | Improper Input Validation |
20% (3) | CWE-264 | Permissions, Privileges, and Access Controls |
13% (2) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
13% (2) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
6% (1) | CWE-399 | Resource Management Errors |
6% (1) | CWE-362 | Race Condition |
6% (1) | CWE-310 | Cryptographic Issues |
6% (1) | CWE-189 | Numeric Errors |
CAPEC : Common Attack Pattern Enumeration & Classification
id | Name |
---|---|
CAPEC-3 | Using Leading 'Ghost' Character Sequences to Bypass Input Filters |
CAPEC-7 | Blind SQL Injection |
CAPEC-8 | Buffer Overflow in an API Call |
CAPEC-9 | Buffer Overflow in Local Command-Line Utilities |
CAPEC-10 | Buffer Overflow via Environment Variables |
CAPEC-13 | Subverting Environment Variable Values |
CAPEC-14 | Client-side Injection-induced Buffer Overflow |
CAPEC-18 | Embedding Scripts in Nonscript Elements |
CAPEC-22 | Exploiting Trust in Client (aka Make the Client Invisible) |
CAPEC-24 | Filter Failure through Buffer Overflow |
CAPEC-28 | Fuzzing |
CAPEC-31 | Accessing/Intercepting/Modifying HTTP Cookies |
CAPEC-32 | Embedding Scripts in HTTP Query Strings |
CAPEC-42 | MIME Conversion |
CAPEC-43 | Exploiting Multiple Input Interpretation Layers |
CAPEC-45 | Buffer Overflow via Symbolic Links |
CAPEC-46 | Overflow Variables and Tags |
CAPEC-47 | Buffer Overflow via Parameter Expansion |
CAPEC-52 | Embedding NULL Bytes |
CAPEC-53 | Postfix, Null Terminate, and Backslash |
CAPEC-63 | Simple Script Injection |
CAPEC-64 | Using Slashes and URL Encoding Combined to Bypass Validation Logic |
CAPEC-66 | SQL Injection |
CAPEC-67 | String Format Overflow in syslog() |
CAPEC-71 | Using Unicode Encoding to Bypass Validation Logic |
SAINT Exploits
Description | Link |
---|---|
Internet Explorer WinINet credential reflection vulnerability | More info here |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
62256 | Microsoft Windows SMB Server Crafted Network Message Remote Code Execution |
62255 | Microsoft Windows SMB Server Crafted Packet Handling Remote DoS |
62254 | Microsoft Windows SMB Server Crafted Packet Handling NULL Dereference Remote DoS |
62253 | Microsoft Windows SMB Server NTLM Authentication Nonce Entropy Weakness |
62157 | Microsoft IE text/html Content Type URLMON Sniffing Arbitrary File Access |
56911 | Microsoft Remote Desktop Server (RDS) mstscax.dll Packet Parsing Remote Overflow |
53667 | Microsoft Windows RPCSS Service Isolation Local Privilege Escalation |
53666 | Microsoft Windows Management Instrumentation (WMI) Service Isolation Local Pr... |
53663 | Microsoft Office Word 2000 WordPerfect 6.x Converter Document Handling Stack ... |
53621 | Microsoft Windows HTTP Services Digital Certificate Distinguished Name Mismat... |
53619 | Microsoft Windows HTTP Services NTLM Credential Replay Privileged Code Execution |
52692 | Microsoft SMB NT Trans2 Request Parsing Unspecified Remote Code Execution |
50562 | Microsoft Windows GDI WMF Image Size Parameter Parsing Overflow |
50561 | Microsoft Windows GDI WMF Image Parsing Integer Math Overflow |
48153 | Microsoft Windows srv.sys WRITE_ANDX SMB Packet Handling Remote DoS |
ExploitDB Exploits
id | Description |
---|---|
15266 | Windows NTLM Weak Nonce Vulnerability |
12273 | Windows 7/2008R2 SMB Client Trans2 Stack Overflow 10-020 PoC |
OpenVAS Exploits
Date | Description |
---|---|
2010-10-22 | Name : Microsoft Windows SMB Server NTLM Multiple Vulnerabilities (971468) File : nvt/secpod_ms10-012-remote.nasl |
2010-03-18 | Name : Vulnerabilities in SMB Could Allow Remote Code Execution (958687) - Remote File : nvt/secpod_ms09-001_remote.nasl |
2010-02-10 | Name : Microsoft Windows SMB Server Multiple Vulnerabilities (971468) File : nvt/secpod_ms10-012.nasl |
2009-08-12 | Name : Microsoft Remote Desktop Connection Remote Code Execution Vulnerability (969706) File : nvt/secpod_ms09-044.nasl |
2009-04-15 | Name : Vulnerabilities in Windows Could Allow Elevation of Privilege (959454) File : nvt/secpod_ms09-012.nasl |
2009-04-15 | Name : Windows HTTP Services Could Allow Remote Code Execution Vulnerabilities (960803) File : nvt/secpod_ms09-013.nasl |
2009-04-15 | Name : Microsoft Internet Explorer Remote Code Execution Vulnerability (963027) File : nvt/secpod_ms09-014.nasl |
2009-01-14 | Name : Vulnerabilities in SMB Could Allow Remote Code Execution (958687) File : nvt/secpod_ms09-001.nasl |
2008-12-12 | Name : WordPad and Office Text Converter Memory Corruption Vulnerability (960477) File : nvt/secpod_ms_wordpad_mult_vuln.nasl |
2008-12-10 | Name : Vulnerabilities in GDI Could Allow Remote Code Execution (956802) File : nvt/secpod_ms08-071.nasl |
Information Assurance Vulnerability Management (IAVM)
id | Description |
---|---|
2009-A-0071 | Multiple Vulnerabilities in Microsoft Remote Desktop Connection Severity: Category II - VMSKEY: V0019884 |
2009-A-0034 | Microsoft Windows HTTP Services Remote Code Execution Vulnerability Severity: Category I - VMSKEY: V0018756 |
2009-A-0032 | Multiple Vulnerabilities in WordPad and Office Text Converters Severity: Category I - VMSKEY: V0018752 |
2008-A-0086 | Microsoft GDI Remote Code Execution Vulnerabilities Severity: Category II - VMSKEY: V0017910 |
Snort® IPS/IDS
Date | Description |
---|---|
2018-06-12 | SMB client NULL deref race condition attempt RuleID : 46637 - Type : NETBIOS - Revision : 1 |
2017-08-01 | Microsoft GDI WMF file parsing integer overflow attempt RuleID : 43362 - Type : FILE-IMAGE - Revision : 2 |
2017-08-01 | Microsoft GDI WMF file parsing integer overflow attempt RuleID : 43361 - Type : FILE-IMAGE - Revision : 2 |
2017-08-01 | Microsoft GDI WMF file parsing integer overflow attempt RuleID : 43360 - Type : FILE-IMAGE - Revision : 2 |
2017-08-01 | Microsoft GDI WMF file parsing integer overflow attempt RuleID : 43359 - Type : FILE-IMAGE - Revision : 2 |
2014-06-19 | Microsoft Office Word WordPerfect converter buffer overflow attempt RuleID : 31032 - Type : FILE-OFFICE - Revision : 2 |
2014-06-19 | Microsoft Office Word WordPerfect converter buffer overflow attempt RuleID : 31031 - Type : FILE-OFFICE - Revision : 2 |
2014-01-10 | possible SMB replay attempt - overlapping encryption keys detected RuleID : 17723 - Type : OS-WINDOWS - Revision : 12 |
2014-01-10 | Microsoft Internet Explorer 7/8 execute local file in Internet zone redirect ... RuleID : 16423 - Type : BROWSER-IE - Revision : 14 |
2014-01-10 | SMB client NULL deref race condition attempt RuleID : 16418 - Type : NETBIOS - Revision : 10 |
2014-01-10 | Microsoft Windows SMB unicode invalid server name share access RuleID : 16404 - Type : OS-WINDOWS - Revision : 12 |
2014-01-10 | Microsoft Windows SMB unicode andx invalid server name share access RuleID : 16403 - Type : OS-WINDOWS - Revision : 12 |
2014-01-10 | Microsoft Windows SMB invalid server name share access RuleID : 16402 - Type : OS-WINDOWS - Revision : 12 |
2014-01-10 | Microsoft Windows SMB andx invalid server name share access RuleID : 16401 - Type : OS-WINDOWS - Revision : 12 |
2014-01-10 | Microsoft Windows SMB unicode invalid server name share access RuleID : 16400 - Type : OS-WINDOWS - Revision : 14 |
2014-01-10 | Microsoft Windows SMB unicode andx invalid server name share access RuleID : 16399 - Type : OS-WINDOWS - Revision : 14 |
2014-01-10 | Microsoft Windows SMB invalid server name share access RuleID : 16398 - Type : OS-WINDOWS - Revision : 14 |
2014-01-10 | Microsoft Windows SMB andx invalid server name share access RuleID : 16397 - Type : OS-WINDOWS - Revision : 14 |
2014-01-10 | SMB server srvnet.sys driver race condition attempt RuleID : 16396 - Type : NETBIOS - Revision : 5 |
2014-01-10 | Microsoft Windows SMB COPY command oversized pathname attempt RuleID : 16395 - Type : OS-WINDOWS - Revision : 7 |
2014-01-10 | Remote Desktop orderType remote code execution attempt RuleID : 15850 - Type : OS-WINDOWS - Revision : 13 |
2014-01-10 | Telnet-based NTLM replay attack attempt RuleID : 15847 - Type : OS-WINDOWS - Revision : 14 |
2014-01-10 | IIS ASP/ASP.NET potentially malicious file upload attempt RuleID : 15470 - Type : FILE-EXECUTABLE - Revision : 8 |
2014-01-10 | Microsoft Office WordPad WordPerfect 6.x converter buffer overflow attempt RuleID : 15466 - Type : FILE-OFFICE - Revision : 13 |
2014-01-10 | WinHTTP SSL/TLS impersonation attempt RuleID : 15456 - Type : SERVER-OTHER - Revision : 6 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-09-13 | Name: It is possible to execute arbitrary code on the remote Windows host due to fl... File: smb_kb971468.nasl - Type: ACT_GATHER_INFO |
2010-02-09 | Name: It is possible to execute arbitrary code on the remote Windows host due to fl... File: smb_nt_ms10-012.nasl - Type: ACT_GATHER_INFO |
2009-08-11 | Name: Arbitrary code can be executed on the remote host through Microsoft Remote De... File: macosx_rdesktop.nasl - Type: ACT_GATHER_INFO |
2009-08-11 | Name: It is possible to execute arbitrary code on the remote host. File: smb_nt_ms09-044.nasl - Type: ACT_GATHER_INFO |
2009-04-15 | Name: It is possible to execute arbitrary code on the remote Windows host using a t... File: smb_nt_ms09-010.nasl - Type: ACT_GATHER_INFO |
2009-04-15 | Name: A local user can elevate his privileges on the remote host. File: smb_nt_ms09-012.nasl - Type: ACT_GATHER_INFO |
2009-04-15 | Name: The remote host contains an API that is affected by multiple vulnerabilities. File: smb_nt_ms09-013.nasl - Type: ACT_GATHER_INFO |
2009-04-15 | Name: Arbitrary code can be executed on the remote host through a web browser. File: smb_nt_ms09-014.nasl - Type: ACT_GATHER_INFO |
2009-01-13 | Name: It may be possible to execute arbitrary code on the remote host due to a flaw... File: smb_nt_ms09-001.nasl - Type: ACT_GATHER_INFO |
2008-12-10 | Name: Arbitrary code can be executed on the remote host through the Microsoft GDI r... File: smb_nt_ms08-071.nasl - Type: ACT_GATHER_INFO |