This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Microsoft
Product: Windows Xp
Version: *
Update: sp2
Edition: pro_x64
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
Type: Os
First view: 2008-09-16
Last view: 2010-02-10

CPE Product cpe:2.3:o:microsoft:windows_xp

Activity : Overall

Related : CVE

Alert Date Description
10 2010-02-10 CVE-2010-0231

The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not use a sufficient source of entropy, which allows remote attackers to obtain access to files and other SMB resources via a large number of authentication requests, related to server-generated challenges, certain "duplicate values," and spoofing of an authentication token, aka "SMB NTLM Authentication Lack of Entropy Vulnerability."

7.8 2010-02-10 CVE-2010-0022

The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate the share and servername fields in SMB packets, which allows remote attackers to cause a denial of service (system hang) via a crafted packet, aka "SMB Null Pointer Vulnerability."

7.1 2010-02-10 CVE-2010-0021

Multiple race conditions in the SMB implementation in the Server service in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allow remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 Negotiate packet, aka "SMB Memory Corruption Vulnerability."

9 2010-02-10 CVE-2010-0020

The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate request fields, which allows remote authenticated users to execute arbitrary code via a malformed request, aka "SMB Pathname Overflow Vulnerability."

9.3 2010-02-04 CVE-2010-0555

Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and read arbitrary files via vectors involving the product's use of text/html as the default content type for files that are encountered after a redirection, aka the URLMON sniffing vulnerability, a variant of CVE-2009-1140 and related to CVE-2008-1448.

9.3 2009-08-12 CVE-2009-1133

Heap-based buffer overflow in Microsoft Remote Desktop Connection (formerly Terminal Services Client) running RDP 5.0 through 6.1 on Windows, and Remote Desktop Connection Client for Mac 2.0, allows remote attackers to execute arbitrary code via unspecified parameters, aka "Remote Desktop Connection Heap Overflow Vulnerability."

9.3 2009-04-15 CVE-2009-0550

Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008; allows remote web servers to capture and replay NTLM credentials, and execute arbitrary code, via vectors related to absence of a "credential-reflection protections" opt-in step, aka "Windows HTTP Services Credential Reflection Vulnerability" and "WinINet Credential Reflection Vulnerability."

5.8 2009-04-15 CVE-2009-0089

Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Vista Gold allows remote web servers to impersonate arbitrary https web sites by using DNS spoofing to "forward a connection" to a different https web site that has a valid certificate matching its own domain name, but not a certificate matching the domain name of the host requested by the user, aka "Windows HTTP Services Certificate Name Mismatch Vulnerability."

9.3 2009-04-15 CVE-2009-0088

The WordPerfect 6.x Converter (WPFT632.CNV, 1998.1.27.0) in Microsoft Office Word 2000 SP3 and Microsoft Office Converter Pack does not properly validate the length of an unspecified string, which allows remote attackers to execute arbitrary code via a crafted WordPerfect 6.x file, related to an unspecified counter and control structures on the stack, aka "Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability."

6.9 2009-04-15 CVE-2009-0079

The RPCSS service in Microsoft Windows XP SP2 and SP3 and Server 2003 SP1 and SP2 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows RPCSS Service Isolation Vulnerability."

7.2 2009-04-15 CVE-2009-0078

The Windows Management Instrumentation (WMI) provider in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows WMI Service Isolation Vulnerability."

10 2009-01-14 CVE-2008-4835

SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans2 request, related to "insufficiently validating the buffer size," aka "SMB Validation Remote Code Execution Vulnerability."

9.3 2008-12-10 CVE-2008-3465

Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows context-dependent attackers to cause a denial of service or execute arbitrary code via a WMF file with a malformed file-size parameter, which would not be properly handled by a third-party application that uses this API for a copy operation, aka "GDI Heap Overflow Vulnerability."

9.3 2008-12-10 CVE-2008-2249

Integer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a malformed header in a crafted WMF file, which triggers a buffer overflow, aka "GDI Integer Overflow Vulnerability."

7.1 2008-09-16 CVE-2008-4114

srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via an SMB WRITE_ANDX packet with an offset that is inconsistent with the packet size, related to "insufficiently validating the buffer size," as demonstrated by a request to the \PIPE\lsarpc named pipe, aka "SMB Validation Denial of Service Vulnerability."

CWE : Common Weakness Enumeration

% id Name
26% (4) CWE-20 Improper Input Validation
20% (3) CWE-264 Permissions, Privileges, and Access Controls
13% (2) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
13% (2) CWE-94 Failure to Control Generation of Code ('Code Injection')
6% (1) CWE-399 Resource Management Errors
6% (1) CWE-362 Race Condition
6% (1) CWE-310 Cryptographic Issues
6% (1) CWE-189 Numeric Errors

CAPEC : Common Attack Pattern Enumeration & Classification

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Name
CAPEC-3 Using Leading 'Ghost' Character Sequences to Bypass Input Filters
CAPEC-7 Blind SQL Injection
CAPEC-8 Buffer Overflow in an API Call
CAPEC-9 Buffer Overflow in Local Command-Line Utilities
CAPEC-10 Buffer Overflow via Environment Variables
CAPEC-13 Subverting Environment Variable Values
CAPEC-14 Client-side Injection-induced Buffer Overflow
CAPEC-18 Embedding Scripts in Nonscript Elements
CAPEC-22 Exploiting Trust in Client (aka Make the Client Invisible)
CAPEC-24 Filter Failure through Buffer Overflow
CAPEC-28 Fuzzing
CAPEC-31 Accessing/Intercepting/Modifying HTTP Cookies
CAPEC-32 Embedding Scripts in HTTP Query Strings
CAPEC-42 MIME Conversion
CAPEC-43 Exploiting Multiple Input Interpretation Layers
CAPEC-45 Buffer Overflow via Symbolic Links
CAPEC-46 Overflow Variables and Tags
CAPEC-47 Buffer Overflow via Parameter Expansion
CAPEC-52 Embedding NULL Bytes
CAPEC-53 Postfix, Null Terminate, and Backslash
CAPEC-63 Simple Script Injection
CAPEC-64 Using Slashes and URL Encoding Combined to Bypass Validation Logic
CAPEC-66 SQL Injection
CAPEC-67 String Format Overflow in syslog()
CAPEC-71 Using Unicode Encoding to Bypass Validation Logic

SAINT Exploits

Description
Internet Explorer WinINet credential reflection vulnerability

Open Source Vulnerability Database (OSVDB)

id Description
62256 Microsoft Windows SMB Server Crafted Network Message Remote Code Execution
62255 Microsoft Windows SMB Server Crafted Packet Handling Remote DoS
62254 Microsoft Windows SMB Server Crafted Packet Handling NULL Dereference Remote DoS
62253 Microsoft Windows SMB Server NTLM Authentication Nonce Entropy Weakness
62157 Microsoft IE text/html Content Type URLMON Sniffing Arbitrary File Access
56911 Microsoft Remote Desktop Server (RDS) mstscax.dll Packet Parsing Remote Overflow
53667 Microsoft Windows RPCSS Service Isolation Local Privilege Escalation
53666 Microsoft Windows Management Instrumentation (WMI) Service Isolation Local Pr...
53663 Microsoft Office Word 2000 WordPerfect 6.x Converter Document Handling Stack ...
53621 Microsoft Windows HTTP Services Digital Certificate Distinguished Name Mismat...
53619 Microsoft Windows HTTP Services NTLM Credential Replay Privileged Code Execution
52692 Microsoft SMB NT Trans2 Request Parsing Unspecified Remote Code Execution
50562 Microsoft Windows GDI WMF Image Size Parameter Parsing Overflow
50561 Microsoft Windows GDI WMF Image Parsing Integer Math Overflow
48153 Microsoft Windows srv.sys WRITE_ANDX SMB Packet Handling Remote DoS

ExploitDB Exploits

id Description
15266 Windows NTLM Weak Nonce Vulnerability
12273 Windows 7/2008R2 SMB Client Trans2 Stack Overflow 10-020 PoC

OpenVAS Exploits

Date Description
2010-10-22 Name : Microsoft Windows SMB Server NTLM Multiple Vulnerabilities (971468)
File : nvt/secpod_ms10-012-remote.nasl
2010-03-18 Name : Vulnerabilities in SMB Could Allow Remote Code Execution (958687) - Remote
File : nvt/secpod_ms09-001_remote.nasl
2010-02-10 Name : Microsoft Windows SMB Server Multiple Vulnerabilities (971468)
File : nvt/secpod_ms10-012.nasl
2009-08-12 Name : Microsoft Remote Desktop Connection Remote Code Execution Vulnerability (969706)
File : nvt/secpod_ms09-044.nasl
2009-04-15 Name : Vulnerabilities in Windows Could Allow Elevation of Privilege (959454)
File : nvt/secpod_ms09-012.nasl
2009-04-15 Name : Windows HTTP Services Could Allow Remote Code Execution Vulnerabilities (960803)
File : nvt/secpod_ms09-013.nasl
2009-04-15 Name : Microsoft Internet Explorer Remote Code Execution Vulnerability (963027)
File : nvt/secpod_ms09-014.nasl
2009-01-14 Name : Vulnerabilities in SMB Could Allow Remote Code Execution (958687)
File : nvt/secpod_ms09-001.nasl
2008-12-12 Name : WordPad and Office Text Converter Memory Corruption Vulnerability (960477)
File : nvt/secpod_ms_wordpad_mult_vuln.nasl
2008-12-10 Name : Vulnerabilities in GDI Could Allow Remote Code Execution (956802)
File : nvt/secpod_ms08-071.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2009-A-0071 Multiple Vulnerabilities in Microsoft Remote Desktop Connection
Severity: Category II - VMSKEY: V0019884
2009-A-0034 Microsoft Windows HTTP Services Remote Code Execution Vulnerability
Severity: Category I - VMSKEY: V0018756
2009-A-0032 Multiple Vulnerabilities in WordPad and Office Text Converters
Severity: Category I - VMSKEY: V0018752
2008-A-0086 Microsoft GDI Remote Code Execution Vulnerabilities
Severity: Category II - VMSKEY: V0017910

Snort® IPS/IDS

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2018-06-12 SMB client NULL deref race condition attempt
RuleID : 46637 - Type : NETBIOS - Revision : 1
2017-08-01 Microsoft GDI WMF file parsing integer overflow attempt
RuleID : 43362 - Type : FILE-IMAGE - Revision : 2
2017-08-01 Microsoft GDI WMF file parsing integer overflow attempt
RuleID : 43361 - Type : FILE-IMAGE - Revision : 2
2017-08-01 Microsoft GDI WMF file parsing integer overflow attempt
RuleID : 43360 - Type : FILE-IMAGE - Revision : 2
2017-08-01 Microsoft GDI WMF file parsing integer overflow attempt
RuleID : 43359 - Type : FILE-IMAGE - Revision : 2
2014-06-19 Microsoft Office Word WordPerfect converter buffer overflow attempt
RuleID : 31032 - Type : FILE-OFFICE - Revision : 2
2014-06-19 Microsoft Office Word WordPerfect converter buffer overflow attempt
RuleID : 31031 - Type : FILE-OFFICE - Revision : 2
2014-01-10 possible SMB replay attempt - overlapping encryption keys detected
RuleID : 17723 - Type : OS-WINDOWS - Revision : 12
2014-01-10 Microsoft Internet Explorer 7/8 execute local file in Internet zone redirect ...
RuleID : 16423 - Type : BROWSER-IE - Revision : 14
2014-01-10 SMB client NULL deref race condition attempt
RuleID : 16418 - Type : NETBIOS - Revision : 10
2014-01-10 Microsoft Windows SMB unicode invalid server name share access
RuleID : 16404 - Type : OS-WINDOWS - Revision : 12
2014-01-10 Microsoft Windows SMB unicode andx invalid server name share access
RuleID : 16403 - Type : OS-WINDOWS - Revision : 12
2014-01-10 Microsoft Windows SMB invalid server name share access
RuleID : 16402 - Type : OS-WINDOWS - Revision : 12
2014-01-10 Microsoft Windows SMB andx invalid server name share access
RuleID : 16401 - Type : OS-WINDOWS - Revision : 12
2014-01-10 Microsoft Windows SMB unicode invalid server name share access
RuleID : 16400 - Type : OS-WINDOWS - Revision : 14
2014-01-10 Microsoft Windows SMB unicode andx invalid server name share access
RuleID : 16399 - Type : OS-WINDOWS - Revision : 14
2014-01-10 Microsoft Windows SMB invalid server name share access
RuleID : 16398 - Type : OS-WINDOWS - Revision : 14
2014-01-10 Microsoft Windows SMB andx invalid server name share access
RuleID : 16397 - Type : OS-WINDOWS - Revision : 14
2014-01-10 SMB server srvnet.sys driver race condition attempt
RuleID : 16396 - Type : NETBIOS - Revision : 5
2014-01-10 Microsoft Windows SMB COPY command oversized pathname attempt
RuleID : 16395 - Type : OS-WINDOWS - Revision : 7
2014-01-10 Remote Desktop orderType remote code execution attempt
RuleID : 15850 - Type : OS-WINDOWS - Revision : 13
2014-01-10 Telnet-based NTLM replay attack attempt
RuleID : 15847 - Type : OS-WINDOWS - Revision : 14
2014-01-10 IIS ASP/ASP.NET potentially malicious file upload attempt
RuleID : 15470 - Type : FILE-EXECUTABLE - Revision : 8
2014-01-10 Microsoft Office WordPad WordPerfect 6.x converter buffer overflow attempt
RuleID : 15466 - Type : FILE-OFFICE - Revision : 13
2014-01-10 WinHTTP SSL/TLS impersonation attempt
RuleID : 15456 - Type : SERVER-OTHER - Revision : 6

Nessus® Vulnerability Scanner

Date Description
2010-09-13 Name: It is possible to execute arbitrary code on the remote Windows host due to fl...
File: smb_kb971468.nasl - Type: ACT_GATHER_INFO
2010-02-09 Name: It is possible to execute arbitrary code on the remote Windows host due to fl...
File: smb_nt_ms10-012.nasl - Type: ACT_GATHER_INFO
2009-08-11 Name: Arbitrary code can be executed on the remote host through Microsoft Remote De...
File: macosx_rdesktop.nasl - Type: ACT_GATHER_INFO
2009-08-11 Name: It is possible to execute arbitrary code on the remote host.
File: smb_nt_ms09-044.nasl - Type: ACT_GATHER_INFO
2009-04-15 Name: It is possible to execute arbitrary code on the remote Windows host using a t...
File: smb_nt_ms09-010.nasl - Type: ACT_GATHER_INFO
2009-04-15 Name: A local user can elevate his privileges on the remote host.
File: smb_nt_ms09-012.nasl - Type: ACT_GATHER_INFO
2009-04-15 Name: The remote host contains an API that is affected by multiple vulnerabilities.
File: smb_nt_ms09-013.nasl - Type: ACT_GATHER_INFO
2009-04-15 Name: Arbitrary code can be executed on the remote host through a web browser.
File: smb_nt_ms09-014.nasl - Type: ACT_GATHER_INFO
2009-01-13 Name: It may be possible to execute arbitrary code on the remote host due to a flaw...
File: smb_nt_ms09-001.nasl - Type: ACT_GATHER_INFO
2008-12-10 Name: Arbitrary code can be executed on the remote host through the Microsoft GDI r...
File: smb_nt_ms08-071.nasl - Type: ACT_GATHER_INFO