This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Microsoft First view 2007-02-22
Product Windows Xp Last view 2013-08-14
Version * Type Os
Update sp2  
Edition professional  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:microsoft:windows_xp

Activity : Overall

Related : CVE

  Date Alert Description
10 2013-08-14 CVE-2013-3175

Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a malformed asynchronous RPC request, aka "Remote Procedure Call Vulnerability."

6.8 2010-08-16 CVE-2010-1886

Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 SP2 and R2, and Windows 7 allow local users to gain privileges by leveraging access to a process with NetworkService credentials, as demonstrated by TAPI Server, SQL Server, and IIS processes, and related to the Windows Service Isolation feature. NOTE: the vendor states that privilege escalation from NetworkService to LocalSystem does not cross a "security boundary."

4.9 2010-05-06 CVE-2010-1735

The SfnLOGONNOTIFY function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x4c value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.

4.9 2010-05-06 CVE-2010-1734

The SfnINSTRING function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x18d value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.

6.9 2009-10-14 CVE-2009-2516

The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly validate data sent from user mode, which allows local users to gain privileges via a crafted PE .exe file that triggers a NULL pointer dereference during chain traversal, aka "Windows Kernel NULL Pointer Dereference Vulnerability."

7.2 2009-10-14 CVE-2009-2515

Integer underflow in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application that triggers an incorrect truncation of a 64-bit integer to a 32-bit integer, aka "Windows Kernel Integer Underflow Vulnerability."

7.8 2009-09-08 CVE-2009-1926

Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to cause a denial of service (TCP outage) via a series of TCP sessions that have pending data and a (1) small or (2) zero receive window size, and remain in the FIN-WAIT-1 or FIN-WAIT-2 state indefinitely, aka "TCP/IP Orphaned Connections Vulnerability."

7.1 2008-10-20 CVE-2008-4609

The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.

7.1 2007-06-06 CVE-2007-3091

Race condition in Microsoft Internet Explorer 6 SP1; 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code or perform other actions upon a page transition, with the permissions of the old page and the content of the new page, as demonstrated by setInterval functions that set location.href within a try/catch expression, aka the "bait & switch vulnerability" or "Race Condition Cross-Domain Information Disclosure Vulnerability."

7.1 2007-06-06 CVE-2007-2237

Microsoft Windows Graphics Device Interface (GDI+, GdiPlus.dll) allows context-dependent attackers to cause a denial of service (crash) via an ICO file with an InfoHeader containing a Height of zero, which triggers a divide-by-zero error.

9.3 2007-04-30 CVE-2007-2374

Unspecified vulnerability in Microsoft Windows 2000, XP, and Server 2003 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source.

7.1 2007-03-16 CVE-2007-1492

winmm.dll in Microsoft Windows XP allows user-assisted remote attackers to cause a denial of service (infinite loop) via a large cch argument value to the mmioRead function, as demonstrated by a crafted WAV file.

4.6 2007-02-22 CVE-2007-0843

The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a directory with LIST (READ) access and using ReadDirectoryChangesW to monitor changes of files that do not have LIST permissions, which can be leveraged to determine filenames, access times, and other sensitive information.

CWE : Common Weakness Enumeration

%idName
33% (3) CWE-264 Permissions, Privileges, and Access Controls
33% (3) CWE-20 Improper Input Validation
11% (1) CWE-362 Race Condition
11% (1) CWE-189 Numeric Errors
11% (1) CWE-16 Configuration

Open Source Vulnerability Database (OSVDB)

id Description
67083 Microsoft Windows TAPI Server (TAPISRV) Service Isolation Bypass Local Privil...
64058 Microsoft Windows win32k.sys SfnINSTRING() Local DoS
64057 Microsoft Windows win32k.sys SfnLOGONNOTIFY() Local DoS
62144 F5 Multiple Products TCP/IP Implementation Queue Connection Saturation TCP St...
61133 Citrix Multiple Products TCP/IP Implementation Queue Connection Saturation TC...
59482 Blue Coat Multiple Products TCP/IP Implementation Queue Connection Saturation...
58860 Microsoft Windows Kernel User Mode PE File Handling NULL Dereference Local Pr...
58859 Microsoft Windows Kernel 64-bit Value Conversion Truncation Local Privilege E...
58614 McAfee Email and Web Security Appliance TCP/IP Implementation Queue Connectio...
58321 Check Point Multiple Products TCP/IP Implementation Queue Connection Saturati...
58189 Yamaha RT Series Routers TCP/IP Implementation Queue Connection Saturation TC...
57993 Solaris TCP/IP Implementation Queue Connection Saturation TCP State Table Rem...
57797 Microsoft Windows TCP/IP Orphaned Connection Handling Remote DoS
57795 Microsoft Windows TCP/IP Implementation Queue Connection Saturation TCP State...
57794 Multiple BSD TCP/IP Implementation Queue Connection Saturation TCP State Tabl...
57793 Multiple Linux TCP/IP Implementation Queue Connection Saturation TCP State Ta...
54944 Microsoft IE Race Condition Cross-Domain Information Disclosure
50286 Cisco TCP/IP Implementation Queue Connection Saturation TCP State Table Remot...
38497 Microsoft IE Page Transaction Race Condition Arbitrary Code Execution
38494 Microsoft Windows Graphics Device Interface (GDI+, GdiPlus.dll) ICO Handling DoS
35637 Microsoft Windows Unspecified Remote Code Execution
34101 Microsoft Windows XP winmm.dll mmioRead Function DoS
33474 Microsoft Windows ReadDirectoryChangesW API Function File System Information ...

ExploitDB Exploits

id Description
4044 MS Windows GDI+ ICO File Remote Denial of Service Exploit

OpenVAS Exploits

id Description
2010-05-13 Name : Microsoft Windows Kernel 'win32k.sys' Multiple DOS Vulnerabilities
File : nvt/gb_ms_win_kernel_win32k_sys_mult_dos_vuln.nasl
2009-10-14 Name : Microsoft Windows Kernel Privilege Escalation Vulnerability (971486)
File : nvt/secpod_ms09-058.nasl
2009-09-10 Name : Microsoft Windows TCP/IP Remote Code Execution Vulnerability (967723)
File : nvt/secpod_ms09-048.nasl
2009-06-15 Name : Ubuntu USN-785-1 (ipsec-tools)
File : nvt/ubuntu_785_1.nasl
2009-06-10 Name : Cumulative Security Update for Internet Explorer (969897)
File : nvt/secpod_ms09-019.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2013-A-0163 Microsoft Windows Remote Procedure Call (RPC) Elevation of Privilege Vulnerab...
Severity: Category I - VMSKEY: V0040034
2009-A-0077 Multiple Microsoft TCP/IP Remote Code Execution Vulnerabilities
Severity: Category I - VMSKEY: V0019917

Snort® IPS/IDS

Date Description
2014-01-10 Microsoft Windows TCP stack zero window size exploit attempt
RuleID : 16294 - Type : OS-WINDOWS - Revision : 15
2014-01-10 Microsoft Internet Explorer Javascript Page update race condition attempt
RuleID : 16010 - Type : BROWSER-IE - Revision : 9
2014-01-10 TCP window closed before receiving data
RuleID : 15912 - Type : OS-WINDOWS - Revision : 10
2014-01-10 Microsoft Internet Explorer cross-domain navigation cookie stealing attempt
RuleID : 15529 - Type : BROWSER-IE - Revision : 9

Nessus® Vulnerability Scanner

id Description
2014-10-10 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL10509.nasl - Type: ACT_GATHER_INFO
2013-08-14 Name: The Windows install on the remote host is affected by a privilege escalation ...
File: smb_nt_ms13-062.nasl - Type: ACT_GATHER_INFO
2010-09-01 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20090908-tcp24http.nasl - Type: ACT_GATHER_INFO
2010-08-26 Name: The remote Windows host has a privilege escalation vulnerability.
File: smb_kb982316.nasl - Type: ACT_GATHER_INFO
2009-10-13 Name: The Windows kernel is vulnerable to multiple buffer overflow attacks.
File: smb_nt_ms09-058.nasl - Type: ACT_GATHER_INFO
2009-09-08 Name: Multiple vulnerabilities in the Windows TCP/IP implementation could lead to d...
File: smb_nt_ms09-048.nasl - Type: ACT_GATHER_INFO
2009-06-10 Name: Arbitrary code can be executed on the remote host through a web browser.
File: smb_nt_ms09-019.nasl - Type: ACT_GATHER_INFO