This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Microsoft
Product Windows Xp
Version *
Update sp2
Edition tablet_pc
Language *
Software Edition *
Target Software *
Target Hardware *
Other *
Type Os
First view 2004-08-18
Last view 2010-05-06
 
CPE Product cpe:2.3:o:microsoft:windows_xp

Activity : Overall

Related : CVE

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
4.9 2010-05-06 CVE-2010-1735

The SfnLOGONNOTIFY function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x4c value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.

4.9 2010-05-06 CVE-2010-1734

The SfnINSTRING function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x18d value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.

7.1 2008-10-20 CVE-2008-4609

The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.

7.1 2007-09-27 CVE-2007-5133

Microsoft Windows Explorer (explorer.exe) allows user-assisted remote attackers to cause a denial of service (CPU consumption) via a certain PNG file with a large tEXt chunk that possibly triggers an integer overflow in PNG chunk size handling, as demonstrated by badlycrafted.png.

7.1 2007-06-06 CVE-2007-2237

Microsoft Windows Graphics Device Interface (GDI+, GdiPlus.dll) allows context-dependent attackers to cause a denial of service (crash) via an ICO file with an InfoHeader containing a Height of zero, which triggers a divide-by-zero error.

9.3 2007-04-30 CVE-2007-2374

Unspecified vulnerability in Microsoft Windows 2000, XP, and Server 2003 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source.

7.1 2007-03-16 CVE-2007-1492

winmm.dll in Microsoft Windows XP allows user-assisted remote attackers to cause a denial of service (infinite loop) via a large cch argument value to the mmioRead function, as demonstrated by a crafted WAV file.

4.6 2007-02-22 CVE-2007-0843

The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a directory with LIST (READ) access and using ReadDirectoryChangesW to monitor changes of files that do not have LIST permissions, which can be leveraged to determine filenames, access times, and other sensitive information.

7.2 2007-02-13 CVE-2007-0211

The hardware detection functionality in the Windows Shell in Microsoft Windows XP SP2 and Professional, and Server 2003 SP1 allows local users to gain privileges via an unvalidated parameter to a function related to the "detection and registration of new hardware."

7.2 2007-02-13 CVE-2007-0210

The Window Image Acquisition (WIA) Service in Microsoft Windows XP SP2 allows local users to gain privileges via unspecified vectors involving an "unchecked buffer," probably a buffer overflow.

7.6 2007-02-13 CVE-2007-0026

The OLE Dialog component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption.

9.3 2007-02-13 CVE-2006-1311

The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1; Office 2000 SP3, XP SP3, 2003 SP2, and Office 2004 for Mac; and Learning Essentials for Microsoft Office 1.0, 1.1, and 1.5 allows user-assisted remote attackers to execute arbitrary code via a malformed OLE object in an RTF file, which triggers memory corruption.

6.9 2006-12-21 CVE-2006-6696

Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted data, which sends a HardError message to Client/Server Runtime Server Subsystem (CSRSS) process, which is not properly handled when invoking the UserHardError and GetHardErrorText functions in WINSRV.DLL.

5 2006-12-19 CVE-2006-6659

The Microsoft Office Outlook Recipient ActiveX control (ole32.dll) in Windows XP SP2 allows remote attackers to cause a denial of service (Internet Explorer 7 hang) via crafted HTML.

4.3 2006-12-15 CVE-2006-6602

explorer.exe in Windows Explorer 6.00.2900.2180 in Microsoft Windows XP SP2 allows user-assisted remote attackers to cause a denial of service via a crafted WMV file.

7.2 2006-12-12 CVE-2006-5585

The Client-Server Run-time Subsystem in Microsoft Windows XP SP2 and Server 2003 allows local users to gain privileges via a crafted file manifest within an application, aka "File Manifest Corruption Vulnerability."

6.8 2006-12-12 CVE-2006-4702

Buffer overflow in the Windows Media Format Runtime in Microsoft Windows Media Player (WMP) 6.4 and Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.

10 2006-11-14 CVE-2006-4691

Stack-based buffer overflow in the NetpManageIPCConnect function in the Workstation service (wkssvc.dll) in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to execute arbitrary code via NetrJoinDomain2 RPC messages with a long hostname.

5 2006-11-14 CVE-2006-4689

Unspecified vulnerability in the driver for the Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to cause a denial of service (hang and reboot) via unknown attack vectors, aka "NetWare Driver Denial of Service Vulnerability."

7.5 2006-11-14 CVE-2006-4688

Buffer overflow in Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via crafted messages, aka "Client Service for NetWare Memory Corruption Vulnerability."

7.5 2006-11-14 CVE-2006-3445

Integer overflow in the ReadWideString function in agentdpv.dll in Microsoft Agent on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a large length value in an .ACF file, which results in a heap-based buffer overflow.

2.6 2006-10-30 CVE-2006-5614

Microsoft Windows NAT Helper Components (ipnathlp.dll) on Windows XP SP2, when Internet Connection Sharing is enabled, allows remote attackers to cause a denial of service (svchost.exe crash) via a malformed DNS query, which results in a null pointer dereference.

9 2006-10-10 CVE-2006-4696

Unspecified vulnerability in the Server service in Microsoft Windows 2000 SP4, Server 2003 SP1 and earlier, and XP SP2 and earlier allows remote attackers to execute arbitrary code via a crafted packet, aka "SMB Rename Vulnerability."

5.1 2006-10-10 CVE-2006-4692

Argument injection vulnerability in the Windows Object Packager (packager.exe) in Microsoft Windows XP SP1 and SP2 and Server 2003 SP1 and earlier allows remote user-assisted attackers to execute arbitrary commands via a crafted file with a "/" (slash) character in the filename of the Command Line property, followed by a valid file extension, which causes the command before the slash to be executed, aka "Object Packager Dialogue Spoofing Vulnerability."

7.5 2006-09-12 CVE-2006-3873

Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions of the MS06-042 patch before 20060912, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL in a GZIP-encoded website that was the target of an HTTP redirect, due to an incomplete fix for CVE-2006-3869.

CWE : Common Weakness Enumeration

% id Name
24% (6) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
16% (4) CWE-264 Permissions, Privileges, and Access Controls
16% (4) CWE-20 Improper Input Validation
12% (3) CWE-399 Resource Management Errors
12% (3) CWE-189 Numeric Errors
12% (3) CWE-94 Failure to Control Generation of Code ('Code Injection')
4% (1) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
4% (1) CWE-16 Configuration

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-41 Using Meta-characters in E-mail Headers to Inject Malicious Payloads
CAPEC-88 OS Command Injection
CAPEC-133 Try All Common Application Switches and Options

SAINT Exploits

Description
Microsoft Message Queuing buffer overflow
Windows Server Service buffer overflow
Windows RRAS memory corruption vulnerability
Windows WMF handling vulnerability
Windows Workstation service NetpManageIPCConnect buffer overflow
Windows RASMAN registry corruption vulnerability
Microsoft Client Service for NetWare tree name buffer overflow

Open Source Vulnerability Database (OSVDB)

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
64058 Microsoft Windows win32k.sys SfnINSTRING() Local DoS
64057 Microsoft Windows win32k.sys SfnLOGONNOTIFY() Local DoS
62144 F5 Multiple Products TCP/IP Implementation Queue Connection Saturation TCP St...
61133 Citrix Multiple Products TCP/IP Implementation Queue Connection Saturation TC...
59482 Blue Coat Multiple Products TCP/IP Implementation Queue Connection Saturation...
59241 Microsoft Windows CreateRemoteThread Function Arbitrary Writeable Process Ter...
58614 McAfee Email and Web Security Appliance TCP/IP Implementation Queue Connectio...
58321 Check Point Multiple Products TCP/IP Implementation Queue Connection Saturati...
58189 Yamaha RT Series Routers TCP/IP Implementation Queue Connection Saturation TC...
57993 Solaris TCP/IP Implementation Queue Connection Saturation TCP State Table Rem...
57795 Microsoft Windows TCP/IP Implementation Queue Connection Saturation TCP State...
57794 Multiple BSD TCP/IP Implementation Queue Connection Saturation TCP State Tabl...
57793 Multiple Linux TCP/IP Implementation Queue Connection Saturation TCP State Ta...
50286 Cisco TCP/IP Implementation Queue Connection Saturation TCP State Table Remot...
45521 Microsoft Windows Explorer (explorer.exe) Malformed PNG Handling Remote DoS
38494 Microsoft Windows Graphics Device Interface (GDI+, GdiPlus.dll) ICO Handling DoS
35637 Microsoft Windows Unspecified Remote Code Execution
34830 Microsoft Outlook Recipient ActiveX (ole32.dll) Crafted HTML DoS
34101 Microsoft Windows XP winmm.dll mmioRead Function DoS
33474 Microsoft Windows ReadDirectoryChangesW API Function File System Information ...
33306 Microsoft Windows Explorer explorer.exe WMV File Handling DoS
31890 Microsoft Windows Shell New Hardware Local Privilege Escalation
31889 Microsoft Windows XP SP2 Image Acquisition Service Local Privilege Escalation
31886 Microsoft RichEdit OLE Dialog RTF Memory Corruption Remote Code Execution
31885 Microsoft Windows OLE Dialog Memory Corruption Remote Code Execution

ExploitDB Exploits

id Description
25389 Multiple Vendor ICMP Message Handling DoS
25388 Multiple Vendor ICMP Implementation Malformed Path MTU DoS
25387 Multiple Vendor ICMP Implementation Spoofed Source Quench Packet DoS
4044 MS Windows GDI+ ICO File Remote Denial of Service Exploit
1065 MS Windows (SMB) Transaction Response Handling Exploit (MS05-011)
1019 MS Windows COM Structured Storage Local Exploit (MS05-012)
948 Multiple OS (Win32/Aix/Cisco) - Crafted ICMP Messages DoS Exploit

OpenVAS Exploits

id Description
2011-12-30 Name : Microsoft Windows Server Service Remote Code Execution Vulnerability (921883)
File : nvt/secpod_ms06-040_remote.nasl
2011-11-21 Name : Microsoft Windows Internet Protocol Validation Remote Code Execution Vulnerab...
File : nvt/secpod_ms_windows_ip_validation_code_exec_vuln.nasl
2011-01-14 Name : Microsoft Windows CSRSS CSRFinalizeContext Local Privilege Escalation Vulnera...
File : nvt/gb_ms07-021.nasl
2010-07-08 Name : Microsoft Windows GDI Multiple Vulnerabilities (925902)
File : nvt/ms07-017.nasl
2010-05-13 Name : Microsoft Windows Kernel 'win32k.sys' Multiple DOS Vulnerabilities
File : nvt/gb_ms_win_kernel_win32k_sys_mult_dos_vuln.nasl
2009-09-10 Name : Microsoft Windows TCP/IP Remote Code Execution Vulnerability (967723)
File : nvt/secpod_ms09-048.nasl
2005-11-03 Name : IE 5.01 5.5 6.0 Cumulative patch (890923)
File : nvt/smb_nt_ms02-005.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2007-B-0003 Microsoft Windows OLE Dialog Remote Code Execution Vulnerability
Severity: Category II - VMSKEY: V0013602
2007-B-0005 Microsoft Office and Windows RichEdit Remote Code Execution Vulnerability
Severity: Category II - VMSKEY: V0013604
2006-A-0054 Microsoft Windows Workstation Service Remote Code Execution Vulnerability
Severity: Category I - VMSKEY: V0013115
2006-B-0011 Microsoft Windows Winsock and DNS Client Service Vulnerabilities (MS06-041)
Severity: Category I - VMSKEY: V0012600
2005-A-0001 Multiple Vulnerabilities in Microsoft Windows
Severity: Category I - VMSKEY: V0005996

Snort® IPS/IDS

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2014-01-10 DCERPC DIRECT-UDP msqueue function 4 little endian object call overflow attempt
RuleID : 9771 - Type : NETBIOS - Revision : 7
2014-01-10 DCERPC NCACN-IP-TCP msqueue function 4 object call overflow attempt
RuleID : 9770 - Type : NETBIOS - Revision : 7
2014-01-10 DCERPC NCACN-IP-TCP msqueue function 4 overflow attempt
RuleID : 9769 - Type : OS-WINDOWS - Revision : 13
2014-01-10 DCERPC NCACN-IP-TCP v4 msqueue function 4 little endian overflow attempt
RuleID : 9768 - Type : NETBIOS - Revision : 7
2014-01-10 DCERPC DIRECT-UDP msqueue function 4 object call overflow attempt
RuleID : 9767 - Type : NETBIOS - Revision : 7
2014-01-10 DCERPC DIRECT-UDP msqueue function 4 overflow attempt
RuleID : 9766 - Type : NETBIOS - Revision : 7
2014-01-10 DCERPC DIRECT-UDP msqueue function 4 little endian overflow attempt
RuleID : 9765 - Type : NETBIOS - Revision : 7
2014-01-10 DCERPC DIRECT-UDP v4 msqueue function 4 little endian overflow attempt
RuleID : 9764 - Type : NETBIOS - Revision : 7
2014-01-10 Outlook Recipient Control ActiveX function call access
RuleID : 9670 - Type : BROWSER-PLUGINS - Revision : 9
2014-01-10 Outlook Recipient Control ActiveX clsid unicode access
RuleID : 9669 - Type : WEB-ACTIVEX - Revision : 6
2014-01-10 Outlook Recipient Control ActiveX clsid access
RuleID : 9668 - Type : BROWSER-PLUGINS - Revision : 11
2014-01-10 Microsoft Windows Media Player ASF marker object parsing buffer overflow attempt
RuleID : 9643 - Type : OS-WINDOWS - Revision : 10
2014-01-10 Microsoft Windows Media Player ASF codec list object parsing buffer overflow ...
RuleID : 9642 - Type : OS-WINDOWS - Revision : 10
2014-01-10 Microsoft Windows Media Player ASF simple index object parsing buffer overflo...
RuleID : 9641 - Type : OS-WINDOWS - Revision : 10
2014-01-10 Microsoft Agent buffer overflow attempt
RuleID : 9433 - Type : OS-WINDOWS - Revision : 9
2014-01-10 Microsoft Agent buffer overflow attempt
RuleID : 9432 - Type : OS-WINDOWS - Revision : 9
2014-01-10 SMB netware_cs NwGetConnectionInformation WriteAndX little endian andx object...
RuleID : 9323 - Type : NETBIOS - Revision : 5
2014-01-10 SMB-DS netware_cs NwGetConnectionInformation unicode andx object call overflo...
RuleID : 9322 - Type : NETBIOS - Revision : 5
2014-01-10 SMB-DS netware_cs NwGetConnectionInformation unicode little endian andx objec...
RuleID : 9321 - Type : NETBIOS - Revision : 5
2014-01-10 SMB-DS netware_cs NwGetConnectionInformation WriteAndX unicode little endian ...
RuleID : 9320 - Type : NETBIOS - Revision : 5
2014-01-10 SMB-DS netware_cs NwGetConnectionInformation little endian andx object call o...
RuleID : 9319 - Type : NETBIOS - Revision : 5
2014-01-10 SMB netware_cs NwGetConnectionInformation andx overflow attempt
RuleID : 9318 - Type : NETBIOS - Revision : 5
2014-01-10 SMB netware_cs NwGetConnectionInformation unicode andx overflow attempt
RuleID : 9317 - Type : NETBIOS - Revision : 5
2014-01-10 SMB netware_cs NwGetConnectionInformation WriteAndX andx overflow attempt
RuleID : 9316 - Type : NETBIOS - Revision : 5
2014-01-10 SMB-DS netware_cs NwGetConnectionInformation andx overflow attempt
RuleID : 9315 - Type : NETBIOS - Revision : 5

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2017-05-08 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL23440942.nasl - Type: ACT_GATHER_INFO
2015-09-18 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL4583.nasl - Type: ACT_GATHER_INFO
2014-10-10 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL10509.nasl - Type: ACT_GATHER_INFO
2010-09-01 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20090908-tcp24http.nasl - Type: ACT_GATHER_INFO
2010-09-01 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20050412-icmp.nasl - Type: ACT_GATHER_INFO
2009-09-08 Name: Multiple vulnerabilities in the Windows TCP/IP implementation could lead to d...
File: smb_nt_ms09-048.nasl - Type: ACT_GATHER_INFO
2007-04-10 Name: Arbitrary code can be executed on the remote host through the web browser.
File: smb_nt_ms07-021.nasl - Type: ACT_GATHER_INFO
2007-03-12 Name: A flaw in the Plug and Play service may allow an authenticated attacker to ex...
File: smb_kb905749.nasl - Type: ACT_GATHER_INFO
2007-02-13 Name: Arbitrary code can be executed on the remote host through the RichEdit compon...
File: smb_nt_ms07-013.nasl - Type: ACT_GATHER_INFO
2007-02-13 Name: Arbitrary code can be executed on the remote host through the OLE Dialog comp...
File: smb_nt_ms07-011.nasl - Type: ACT_GATHER_INFO
2007-02-13 Name: Vulnerabilities in the Windows Acquisition Service may allow a user to elevat...
File: smb_nt_ms07-007.nasl - Type: ACT_GATHER_INFO
2007-02-13 Name: Vulnerabilities in the Windows Shell may allow a user to elevate his privileges.
File: smb_nt_ms07-006.nasl - Type: ACT_GATHER_INFO
2006-12-12 Name: Arbitrary code can be executed on the remote host through the Media Format Se...
File: smb_nt_ms06-78.nasl - Type: ACT_GATHER_INFO
2006-12-12 Name: A local user can elevate his privileges on the remote host.
File: smb_nt_ms06-075.nasl - Type: ACT_GATHER_INFO
2006-11-14 Name: Arbitrary code can be executed on the remote host due to a flaw in the 'works...
File: smb_nt_ms06-070.nasl - Type: ACT_GATHER_INFO
2006-11-14 Name: It is possible to execute arbitrary code on the remote host through the agent...
File: smb_nt_ms06-068.nasl - Type: ACT_GATHER_INFO
2006-11-14 Name: A flaw in the client service for NetWare may allow an attacker to execute arb...
File: smb_nt_ms06-066.nasl - Type: ACT_GATHER_INFO
2006-10-10 Name: It is possible to crash the remote host due to a flaw in the 'server' service.
File: smb_nt_ms06-063.nasl - Type: ACT_GATHER_INFO
2006-10-10 Name: It is possible to crash the remote host due to a flaw in the TCP/IP IPv6 stack.
File: smb_nt_ms06-064.nasl - Type: ACT_GATHER_INFO
2006-10-10 Name: It is possible to execute code on the remote host.
File: smb_nt_ms06-065.nasl - Type: ACT_GATHER_INFO
2006-09-12 Name: The remote web server is vulnerable to a cross-site scripting attack.
File: smb_nt_ms06-053.nasl - Type: ACT_GATHER_INFO
2006-09-12 Name: Arbitrary code can be executed on the remote host.
File: smb_nt_ms06-052.nasl - Type: ACT_GATHER_INFO
2006-08-08 Name: Arbitrary code can be executed on the remote host due to a flaw in the 'Serve...
File: smb_kb921883.nasl - Type: ACT_GATHER_INFO
2006-08-08 Name: A local user can elevate his privileges on the remote host.
File: smb_nt_ms06-051.nasl - Type: ACT_GATHER_INFO
2006-08-08 Name: Arbitrary code can be executed on the remote host through the web client.
File: smb_nt_ms06-042.nasl - Type: ACT_GATHER_INFO