This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Microsoft First view 2006-11-06
Product Windows Xp Last view 2012-01-10
Version * Type Os
Update sp2  
Edition professional_x64  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:microsoft:windows_xp

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
9.3 2012-01-10 CVE-2012-0013

Incomplete blacklist vulnerability in the Windows Packager configuration in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted ClickOnce application in a Microsoft Office document, related to .application files, aka "Assembly Execution Vulnerability."

9.3 2012-01-10 CVE-2012-0009

Untrusted search path vulnerability in the Windows Object Packager configuration in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse executable file in the current working directory, as demonstrated by a directory that contains a file with an embedded packaged object, aka "Object Packager Insecure Executable Launching Vulnerability."

6.9 2012-01-10 CVE-2012-0005

The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2, when a Chinese, Japanese, or Korean system locale is used, can access uninitialized memory during the processing of Unicode characters, which allows local users to gain privileges via a crafted application, aka "CSRSS Elevation of Privilege Vulnerability."

9.3 2012-01-10 CVE-2012-0003

Unspecified vulnerability in winmm.dll in Windows Multimedia Library in Windows Media Player (WMP) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via a crafted MIDI file, aka "MIDI Remote Code Execution Vulnerability."

9.3 2012-01-10 CVE-2012-0001

The kernel in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly load structured exception handling tables, which allows context-dependent attackers to bypass the SafeSEH security feature by leveraging a Visual C++ .NET 2003 application, aka "Windows Kernel SafeSEH Bypass Vulnerability."

9.3 2011-12-29 CVE-2011-3417

The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0, when sliding expiry is enabled, does not properly handle cached content, which allows remote attackers to obtain access to arbitrary user accounts via a crafted URL, aka "ASP.NET Forms Authentication Ticket Caching Vulnerability."

8.5 2011-12-29 CVE-2011-3416

The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username, aka "ASP.Net Forms Authentication Bypass Vulnerability."

6.8 2011-12-29 CVE-2011-3415

Open redirect vulnerability in the Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted return URL, aka "Insecure Redirect in .NET Form Authentication Vulnerability."

7.8 2011-12-29 CVE-2011-3414

The CaseInsensitiveHashProvider.getHashCode function in the HashTable implementation in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka "Collisions in HashTable May Cause DoS Vulnerability."

9.3 2010-02-10 CVE-2010-0016

The SMB client implementation in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate response fields, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted response, aka "SMB Client Pool Corruption Vulnerability."

9.3 2009-10-14 CVE-2009-3126

Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Integer Overflow Vulnerability."

9.3 2009-10-14 CVE-2009-2528

GDI+ in Microsoft Office XP SP3 does not properly handle malformed objects in Office Art Property Tables, which allows remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "Memory Corruption Vulnerability."

6.9 2009-10-14 CVE-2009-2516

The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly validate data sent from user mode, which allows local users to gain privileges via a crafted PE .exe file that triggers a NULL pointer dereference during chain traversal, aka "Windows Kernel NULL Pointer Dereference Vulnerability."

7.5 2009-10-14 CVE-2009-2511

Integer overflow in the CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows man-in-the-middle attackers to spoof arbitrary SSL servers and other entities via an X.509 certificate that has a malformed ASN.1 Object Identifier (OID) and was issued by a legitimate Certification Authority, aka "Integer Overflow in X.509 Object Identifiers Vulnerability."

9.3 2009-10-14 CVE-2009-2504

Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allow remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "GDI+ .NET API Vulnerability."

9.3 2009-10-14 CVE-2009-2503

GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 does not properly allocate an unspecified buffer, which allows remote attackers to execute arbitrary code via a crafted TIFF image file that triggers memory corruption, aka "GDI+ TIFF Memory Corruption Vulnerability."

9.3 2009-10-14 CVE-2009-2502

Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted TIFF image file, aka "GDI+ TIFF Buffer Overflow Vulnerability."

9.3 2009-10-14 CVE-2009-2501

Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Heap Overflow Vulnerability."

9.3 2009-10-14 CVE-2009-2500

Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted WMF image file, aka "GDI+ WMF Integer Overflow Vulnerability."

9.3 2009-09-08 CVE-2009-2519

The DHTML Editing Component ActiveX control in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly format HTML markup, which allows remote attackers to execute arbitrary code via a crafted web site that triggers "system state" corruption, aka "DHTML Editing Component ActiveX Control Vulnerability."

8.5 2009-09-08 CVE-2009-2499

Microsoft Windows Media Format Runtime 9.0, 9.5, and 11; and Microsoft Media Foundation on Windows Vista Gold, SP1, and SP2 and Server 2008; allows remote attackers to execute arbitrary code via an MP3 file with crafted metadata that triggers memory corruption, aka "Windows Media Playback Memory Corruption Vulnerability."

9.3 2009-09-08 CVE-2009-2498

Microsoft Windows Media Format Runtime 9.0, 9.5, and 11 and Windows Media Services 9.1 and 2008 do not properly parse malformed headers in Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted (1) .asf, (2) .wmv, or (3) .wma file, aka "Windows Media Header Parsing Invalid Free Vulnerability."

9.3 2009-09-08 CVE-2009-1920

The JScript scripting engine 5.1, 5.6, 5.7, and 5.8 in JScript.dll in Microsoft Windows, as used in Internet Explorer, does not properly load decoded scripts into memory before execution, which allows remote attackers to execute arbitrary code via a crafted web site that triggers memory corruption, aka "JScript Remote Code Execution Vulnerability."

9.3 2009-07-29 CVE-2009-1919

Microsoft Internet Explorer 5.01 SP4 and 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle attempts to access deleted objects in memory, which allows remote attackers to execute arbitrary code via an HTML document containing embedded style sheets that modify unspecified rule properties that cause the behavior element to be "improperly processed," aka "Uninitialized Memory Corruption Vulnerability."

9.3 2009-07-15 CVE-2009-0232

Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table, aka "Embedded OpenType Font Integer Overflow Vulnerability."

CWE : Common Weakness Enumeration

%idName
27% (9) CWE-94 Failure to Control Generation of Code ('Code Injection')
21% (7) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
15% (5) CWE-189 Numeric Errors
12% (4) CWE-264 Permissions, Privileges, and Access Controls
9% (3) CWE-20 Improper Input Validation
6% (2) CWE-399 Resource Management Errors
6% (2) CWE-16 Configuration
3% (1) CWE-362 Race Condition

CAPEC : Common Attack Pattern Enumeration & Classification

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Name
CAPEC-3 Using Leading 'Ghost' Character Sequences to Bypass Input Filters
CAPEC-7 Blind SQL Injection
CAPEC-8 Buffer Overflow in an API Call
CAPEC-9 Buffer Overflow in Local Command-Line Utilities
CAPEC-10 Buffer Overflow via Environment Variables
CAPEC-13 Subverting Environment Variable Values
CAPEC-14 Client-side Injection-induced Buffer Overflow
CAPEC-18 Embedding Scripts in Nonscript Elements
CAPEC-22 Exploiting Trust in Client (aka Make the Client Invisible)
CAPEC-24 Filter Failure through Buffer Overflow
CAPEC-28 Fuzzing
CAPEC-31 Accessing/Intercepting/Modifying HTTP Cookies
CAPEC-32 Embedding Scripts in HTTP Query Strings
CAPEC-42 MIME Conversion
CAPEC-43 Exploiting Multiple Input Interpretation Layers
CAPEC-45 Buffer Overflow via Symbolic Links
CAPEC-46 Overflow Variables and Tags
CAPEC-47 Buffer Overflow via Parameter Expansion
CAPEC-52 Embedding NULL Bytes
CAPEC-53 Postfix, Null Terminate, and Backslash
CAPEC-63 Simple Script Injection
CAPEC-64 Using Slashes and URL Encoding Combined to Bypass Validation Logic
CAPEC-66 SQL Injection
CAPEC-67 String Format Overflow in syslog()
CAPEC-71 Using Unicode Encoding to Bypass Validation Logic

SAINT Exploits

Description Link
Windows Server Service buffer overflow MS08-067 More info here
Windows Media MIDI Invalid Channel More info here
Microsoft DirectX DirectShow QuickTime movie parsing vulnerability More info here
Microsoft DirectShow Video Streaming ActiveX IMPEG2TuneRequest Overflow More info here
Windows Animated Cursor Header buffer overflow More info here
Microsoft Office ClickOnce Unsafe Execution More info here
Windows GDI Privilege Elevation More info here
Windows Object Packager Insecure Execution More info here
Microsoft Office Art Property Table Memory Corruption More info here

Open Source Vulnerability Database (OSVDB)

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
78212 Microsoft Windows Object Packager Path Subversion packager.exe Loading Remote...
78210 Microsoft Windows Multimedia Library (winmm.dll) MIDI File Handling Remote Co...
78209 Microsoft Windows Ntdll.dll Structured Exception Handling Tables Loading Safe...
78207 Microsoft Windows Embedded ClickOnce Application Office File Handling Remote ...
78206 Microsoft Windows Client/Server Run-time Subsystem (CSRSS) Unicode Character ...
78057 Microsoft .NET Framework ASP.NET Hash Collision Web Form Post Parsing Remote DoS
78056 Microsoft .NET Framework Forms Authentication Sliding Expiry Cached Content P...
78055 Microsoft .NET Framework ASP.NET Username Parsing Authentication Bypass
78054 Microsoft .NET Framework Forms Authentication Return URL Handling Arbitrary S...
62244 Microsoft Windows SMB Client Negotiate Protocol Response Handling Remote Code...
62144 F5 Multiple Products TCP/IP Implementation Queue Connection Saturation TCP St...
61133 Citrix Multiple Products TCP/IP Implementation Queue Connection Saturation TC...
59482 Blue Coat Multiple Products TCP/IP Implementation Queue Connection Saturation...
58869 Microsoft Office Malformed Object Handling Memory Corruption Arbitrary Code E...
58868 Microsoft Multiple Products GDI+ PNG Image Handling Integer Overflow
58867 Microsoft Multiple Products GDI+ .NET API Code Execution Privilege Escalation
58866 Microsoft Multiple Products GDI+ TIFF Image Handling Memory Corruption Arbitr...
58865 Microsoft Multiple Products GDI+ TIFF Image Handling Overflow
58864 Microsoft Multiple Products GDI+ PNG Image Handling Heap Overflow
58863 Microsoft Multiple Products GDI+ WMF Image Handling Overflow
58860 Microsoft Windows Kernel User Mode PE File Handling NULL Dereference Local Pr...
58856 Microsoft Windows CryptoAPI X.509 Certificate Object Identifier Handling Over...
58614 McAfee Email and Web Security Appliance TCP/IP Implementation Queue Connectio...
58321 Check Point Multiple Products TCP/IP Implementation Queue Connection Saturati...
58189 Yamaha RT Series Routers TCP/IP Implementation Queue Connection Saturation TC...

ExploitDB Exploits

id Description
19037 MS12-005 Microsoft Office ClickOnce Unsafe Object Package Handling Vulnerability
18426 MS12-004 midiOutPlayNextPolyEvent Heap Overflow
18372 Microsoft Windows Assembly Execution Vulnerability MS12-005
4044 MS Windows GDI+ ICO File Remote Denial of Service Exploit

OpenVAS Exploits

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2012-01-11 Name : Windows ClickOnce Application Installer Remote Code Execution Vulnerability (...
File : nvt/secpod_ms12-005.nasl
2012-01-11 Name : Microsoft Windows Media Could Allow Remote Code Execution Vulnerabilities (26...
File : nvt/secpod_ms12-004.nasl
2012-01-11 Name : MS Windows Client/Server Run-time Subsystem Privilege Escalation Vulnerabilit...
File : nvt/secpod_ms12-003.nasl
2012-01-11 Name : Microsoft Windows Object Packager Remote Code Execution Vulnerability (2603381)
File : nvt/secpod_ms12-002.nasl
2012-01-11 Name : Microsoft Windows Kernel Security Feature Bypass Vulnerability (2644615)
File : nvt/secpod_ms12-001.nasl
2011-12-30 Name : Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2638420)
File : nvt/secpod_ms11-100.nasl
2011-01-14 Name : Vulnerabilities in GDI Could Allow Remote Code Execution (925902)
File : nvt/gb_ms07-017.nasl
2010-07-08 Name : Microsoft Windows GDI Multiple Vulnerabilities (925902)
File : nvt/ms07-017.nasl
2010-03-18 Name : Vulnerabilities in SMB Could Allow Remote Code Execution (958687) - Remote
File : nvt/secpod_ms09-001_remote.nasl
2010-02-10 Name : Microsoft SMB Client Remote Code Execution Vulnerabilities (978251)
File : nvt/secpod_ms10-006.nasl
2009-10-21 Name : Microsoft Products GDI Plus Code Execution Vulnerabilities (957488)
File : nvt/secpod_ms09-062.nasl
2009-10-14 Name : Microsoft Windows Kernel Privilege Escalation Vulnerability (971486)
File : nvt/secpod_ms09-058.nasl
2009-10-14 Name : Microsoft Windows CryptoAPI X.509 Spoofing Vulnerabilities (974571)
File : nvt/secpod_ms09-056.nasl
2009-09-10 Name : Microsoft JScript Scripting Engine Remote Code Execution Vulnerability (971961)
File : nvt/secpod_ms09-045.nasl
2009-09-10 Name : Microsoft Windows TCP/IP Remote Code Execution Vulnerability (967723)
File : nvt/secpod_ms09-048.nasl
2009-09-10 Name : Microsoft Windows Media Format Remote Code Execution Vulnerability (973812)
File : nvt/secpod_ms09-047.nasl
2009-09-10 Name : Microsoft DHTML Editing Component ActiveX Remote Code Execution Vulnerability...
File : nvt/secpod_ms09-046.nasl
2009-08-14 Name : Vulnerabilities in Microsoft ATL Could Allow Remote Code Execution (973908)
File : nvt/secpod_ms09-037.nasl
2009-07-29 Name : Cumulative Security Update for Internet Explorer (972260)
File : nvt/secpod_ms09-034.nasl
2009-07-15 Name : Microsoft Embedded OpenType Font Engine Remote Code Execution Vulnerabilities...
File : nvt/secpod_ms09-029.nasl
2009-07-15 Name : Microsoft DirectShow Remote Code Execution Vulnerability (961373)
File : nvt/secpod_ms09-028.nasl
2009-07-09 Name : Microsoft Video ActiveX Control 'msvidctl.dll' BOF Vulnerability
File : nvt/gb_ms_video_actvx_bof_vuln_jul09.nasl
2009-06-15 Name : Ubuntu USN-785-1 (ipsec-tools)
File : nvt/ubuntu_785_1.nasl
2009-06-10 Name : Cumulative Security Update for Internet Explorer (969897)
File : nvt/secpod_ms09-019.nasl
2009-06-01 Name : Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution
File : nvt/secpod_ms_directx_code_exec_vuln.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2012-A-0003 Microsoft Windows Kernel Security Bypass Vulnerability
Severity: Category I - VMSKEY: V0030998
2012-A-0005 Multiple Remote Code Execution Vulnerabilities in Microsoft Windows Media
Severity: Category II - VMSKEY: V0031000
2012-A-0006 Microsoft Windows Object Packager Remote Code Execution Vulnerability
Severity: Category II - VMSKEY: V0031001
2012-A-0007 Microsoft Windows Remote Code Execution Vulnerability
Severity: Category II - VMSKEY: V0031010
2012-A-0001 Multiple Vulnerabilities in Microsoft .NET Framework
Severity: Category I - VMSKEY: V0030927
2009-A-0099 Multiple Vulnerabilities in Microsoft GDI+
Severity: Category I - VMSKEY: V0021759
2009-A-0095 Multiple Vulnerabilities in Microsoft Windows CryptoAPI
Severity: Category I - VMSKEY: V0021760
2009-A-0074 Microsoft JScript Scripting Engine Remote Code Execution Vulnerability
Severity: Category II - VMSKEY: V0019914
2009-A-0075 Microsoft DHTML Editing Component ActiveX Remote Code Execution Vulnerability
Severity: Category II - VMSKEY: V0019915
2009-A-0076 Multiple Vulnerabilities in Microsoft Windows Media Format
Severity: Category II - VMSKEY: V0019916
2009-A-0067 Multiple Vulnerabilities in Microsoft Active Template Library
Severity: Category II - VMSKEY: V0019882
2009-A-0049 Microsoft Windows AFD Driver Local Privilege Escalation Vulnerability
Severity: Category I - VMSKEY: V0019589
2008-A-0081 Microsoft Server Service Remote Code Execution Vulnerability
Severity: Category I - VMSKEY: V0017870
2007-A-0021 Microsoft Agent URL Parsing Remote Code Execution Vulnerability
Severity: Category II - VMSKEY: V0013934
2007-A-0020 Multiple Vulnerabilities in Microsoft Windows GDI
Severity: Category I - VMSKEY: V0013883

Snort® IPS/IDS

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2014-01-10 Microsoft Agent v1.5 ActiveX function call access
RuleID : 8856 - Type : BROWSER-PLUGINS - Revision : 12
2014-01-10 Microsoft Agent v1.5 ActiveX clsid unicode access
RuleID : 8855 - Type : WEB-ACTIVEX - Revision : 7
2014-01-10 Microsoft Agent v2.0 ActiveX function call access
RuleID : 8854 - Type : BROWSER-PLUGINS - Revision : 14
2014-01-10 Microsoft Agent v2.0 ActiveX clsid unicode access
RuleID : 8853 - Type : WEB-ACTIVEX - Revision : 8
2014-01-10 Microsoft Agent v2.0 ActiveX clsid access
RuleID : 8852 - Type : BROWSER-PLUGINS - Revision : 15
2014-01-10 Microsoft Agent Custom Proxy Class ActiveX clsid unicode access
RuleID : 8851 - Type : WEB-ACTIVEX - Revision : 7
2014-01-10 Microsoft Agent Custom Proxy Class ActiveX clsid access
RuleID : 8850 - Type : BROWSER-PLUGINS - Revision : 13
2014-01-10 Microsoft Agent Notify Sink Custom Proxy Class ActiveX clsid unicode access
RuleID : 8849 - Type : WEB-ACTIVEX - Revision : 7
2014-01-10 Microsoft Agent Notify Sink Custom Proxy Class ActiveX clsid access
RuleID : 8848 - Type : BROWSER-PLUGINS - Revision : 13
2014-01-10 Microsoft Agent Character Custom Proxy Class ActiveX clsid unicode access
RuleID : 8847 - Type : WEB-ACTIVEX - Revision : 7
2014-01-10 Microsoft Agent Character Custom Proxy Class ActiveX clsid access
RuleID : 8846 - Type : BROWSER-PLUGINS - Revision : 13
2014-01-10 Microsoft Multiple Products malformed PNG detected tEXt overflow attempt
RuleID : 6700 - Type : FILE-IMAGE - Revision : 20
2019-09-17 Microsoft Windows Object Packager ClickOnce object remote code execution attempt
RuleID : 51029 - Type : OS-WINDOWS - Revision : 1
2019-09-17 Microsoft Windows Object Packager ClickOnce object remote code execution attempt
RuleID : 51028 - Type : OS-WINDOWS - Revision : 1
2019-09-05 Microsoft Windows mp3 file malformed ID3 APIC header code execution attempt
RuleID : 50893 - Type : FILE-MULTIMEDIA - Revision : 1
2019-09-05 Microsoft Windows mp3 file malformed ID3 APIC header code execution attempt
RuleID : 50892 - Type : FILE-MULTIMEDIA - Revision : 1
2019-08-27 Microsoft Windows GDI+ interlaced PNG file parsing heap overflow attempt
RuleID : 50798 - Type : FILE-IMAGE - Revision : 1
2014-01-10 Microsoft Windows Agent v1.5 ActiveX clsid access
RuleID : 4172 - Type : BROWSER-PLUGINS - Revision : 15
2014-01-10 Microsoft Internet Explorer DHTML Editing ActiveX clsid access
RuleID : 4148 - Type : BROWSER-PLUGINS - Revision : 23
2016-03-14 Microsoft Windows malformed WMF meta escape record memory corruption attempt
RuleID : 36856 - Type : FILE-IMAGE - Revision : 2
2016-03-14 Microsoft Internet Explorer DHTML Editing ActiveX clsid access
RuleID : 36783 - Type : BROWSER-PLUGINS - Revision : 3
2016-03-14 Microsoft Internet Explorer DHTML Editing ActiveX clsid access
RuleID : 36782 - Type : BROWSER-PLUGINS - Revision : 3
2015-04-07 Microsoft Windows Media MIDI file memory corruption attempt
RuleID : 33684 - Type : FILE-OTHER - Revision : 3
2015-03-19 Microsoft Windows GDI+ TIFF file parsing heap overflow attempt
RuleID : 33518 - Type : FILE-IMAGE - Revision : 3
2015-03-19 Microsoft Windows GDI+ TIFF file parsing heap overflow attempt
RuleID : 33517 - Type : FILE-IMAGE - Revision : 3

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2014-10-10 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL10509.nasl - Type: ACT_GATHER_INFO
2014-03-10 Name: Arbitrary code can be executed on the remote host through the Microsoft GDI r...
File: smb_kb957488.nasl - Type: ACT_GATHER_INFO
2012-07-17 Name: The remote device has a denial of service vulnerability.
File: juniper_psn-2012-07-650.nasl - Type: ACT_GATHER_INFO
2012-01-10 Name: Opening a specially crafted Microsoft Office file could result in arbitrary c...
File: smb_nt_ms12-005.nasl - Type: ACT_GATHER_INFO
2012-01-10 Name: Opening a specially crafted media file could result in arbitrary code execution.
File: smb_nt_ms12-004.nasl - Type: ACT_GATHER_INFO
2012-01-10 Name: The remote Windows host has a privilege escalation vulnerability.
File: smb_nt_ms12-003.nasl - Type: ACT_GATHER_INFO
2012-01-10 Name: The remote host is affected by a remote code execution vulnerability.
File: smb_nt_ms12-002.nasl - Type: ACT_GATHER_INFO
2012-01-10 Name: The remote Windows host has a flaw in a security feature that is utilized by ...
File: smb_nt_ms12-001.nasl - Type: ACT_GATHER_INFO
2011-12-29 Name: The version of ASP.NET Framework installed on the remote host is affected by ...
File: smb_nt_ms11-100.nasl - Type: ACT_GATHER_INFO
2010-09-01 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20090908-tcp24http.nasl - Type: ACT_GATHER_INFO
2010-02-09 Name: Arbitrary code can be executed on the remote host through its SMB client.
File: smb_nt_ms10-006.nasl - Type: ACT_GATHER_INFO
2009-10-15 Name: Arbitrary code can be executed on the remote host through the Microsoft GDI r...
File: smb_nt_ms09-062.nasl - Type: ACT_GATHER_INFO
2009-10-13 Name: The Windows kernel is vulnerable to multiple buffer overflow attacks.
File: smb_nt_ms09-058.nasl - Type: ACT_GATHER_INFO
2009-10-13 Name: Certain identity validation methods may be bypassed allowing impersonation.
File: smb_nt_ms09-056.nasl - Type: ACT_GATHER_INFO
2009-09-08 Name: Arbitrary code can be executed on the remote host through opening a Windows M...
File: smb_nt_ms09-047.nasl - Type: ACT_GATHER_INFO
2009-09-08 Name: Multiple vulnerabilities in the Windows TCP/IP implementation could lead to d...
File: smb_nt_ms09-048.nasl - Type: ACT_GATHER_INFO
2009-09-08 Name: Arbitrary code can be executed on the remote host through an ActiveX control.
File: smb_nt_ms09-046.nasl - Type: ACT_GATHER_INFO
2009-09-08 Name: Arbitrary code can be executed on the remote host through the web or email cl...
File: smb_nt_ms09-045.nasl - Type: ACT_GATHER_INFO
2009-08-11 Name: Arbitrary code can be executed on the remote host through Microsoft Active Te...
File: smb_nt_ms09-037.nasl - Type: ACT_GATHER_INFO
2009-07-28 Name: Arbitrary code can be executed on the remote host through a web browser.
File: smb_nt_ms09-034.nasl - Type: ACT_GATHER_INFO
2009-07-14 Name: It is possible to execute arbitrary code on the remote Windows host using the...
File: smb_nt_ms09-029.nasl - Type: ACT_GATHER_INFO
2009-07-14 Name: It is possible to execute arbitrary code on the remote Windows host using Dir...
File: smb_nt_ms09-028.nasl - Type: ACT_GATHER_INFO
2009-07-07 Name: The remote Windows host is missing a security update containing ActiveX kill ...
File: smb_kb_972890.nasl - Type: ACT_GATHER_INFO
2009-06-10 Name: Arbitrary code can be executed on the remote host through a web browser.
File: smb_nt_ms09-019.nasl - Type: ACT_GATHER_INFO
2009-01-13 Name: It may be possible to execute arbitrary code on the remote host due to a flaw...
File: smb_nt_ms09-001.nasl - Type: ACT_GATHER_INFO