This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Microsoft First view 2008-06-11
Product Windows Xp Last view 2019-12-10
Version - Type Os
Update sp3  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:microsoft:windows_xp

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
7.5 2019-12-10 CVE-2019-1489

An information disclosure vulnerability exists when the Windows Remote Desktop Protocol (RDP) fails to properly handle objects in memory, aka 'Remote Desktop Protocol Information Disclosure Vulnerability'.

6.9 2014-04-08 CVE-2014-0315

Untrusted search path vulnerability in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a Trojan horse cmd.exe file in the current working directory, as demonstrated by a directory that contains a .bat or .cmd file, aka "Windows File Handling Vulnerability."

6.6 2014-03-12 CVE-2014-0323

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (system hang) via a crafted application, aka "Win32k Information Disclosure Vulnerability."

9.3 2014-03-12 CVE-2014-0301

Double free vulnerability in qedit.dll in DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via a crafted JPEG image, aka "DirectShow Memory Corruption Vulnerability."

7.2 2014-03-12 CVE-2014-0300

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."

7.1 2014-02-11 CVE-2014-0266

The XMLHTTP ActiveX controls in XML Core Services 3.0 in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to bypass the Same Origin Policy via a web page that is visited in Internet Explorer, aka "MSXML Information Disclosure Vulnerability."

6.9 2013-12-10 CVE-2013-5058

Integer overflow in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows local users to gain privileges via a crafted application, aka "Win32k Integer Overflow Vulnerability."

7.1 2013-11-17 CVE-2013-3876

DirectAccess in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly verify server X.509 certificates, which allows man-in-the-middle attackers to spoof servers and read encrypted domain credentials via a crafted certificate.

9.3 2013-11-12 CVE-2013-3940

Integer overflow in the Graphics Device Interface (GDI) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image in a Windows Write (.wri) document, which is not properly handled in WordPad, aka "Graphics Device Interface Integer Overflow Vulnerability."

9.3 2013-11-12 CVE-2013-3918

The InformationCardSigninHelper Class ActiveX control in icardie.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted web page that is accessed by Internet Explorer, as exploited in the wild in November 2013, aka "InformationCardSigninHelper Vulnerability."

5 2013-11-12 CVE-2013-3869

Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to cause a denial of service (daemon hang) via a web-service request containing a crafted X.509 certificate that is not properly handled during validation, aka "Digital Signatures Vulnerability."

9.3 2013-10-09 CVE-2013-3128

The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5, allow remote attackers to execute arbitrary code via a crafted OpenType font (OTF) file, aka "OpenType Font Parsing Vulnerability."

7.2 2011-04-13 CVE-2011-1229

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."

9.3 2010-10-26 CVE-2010-3227

Stack-based buffer overflow in the UpdateFrameTitleForDocument method in the CFrameWnd class in mfc42.dll in the Microsoft Foundation Class (MFC) Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows context-dependent attackers to execute arbitrary code via a long window title that this library attempts to create at the request of an application, as demonstrated by the Trident PowerZip 7.2 Build 4010 application, aka "Windows MFC Document Title Updating Buffer Overflow Vulnerability."

6.8 2010-08-16 CVE-2010-1886

Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 SP2 and R2, and Windows 7 allow local users to gain privileges by leveraging access to a process with NetworkService credentials, as demonstrated by TAPI Server, SQL Server, and IIS processes, and related to the Windows Service Isolation feature. NOTE: the vendor states that privilege escalation from NetworkService to LocalSystem does not cross a "security boundary."

6.4 2010-05-07 CVE-2010-1690

The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 does not verify that transaction IDs of responses match transaction IDs of queries, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025.

6.4 2010-05-07 CVE-2010-1689

The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 uses predictable transaction IDs that are formed by incrementing a previous ID by 1, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025.

4.9 2010-05-06 CVE-2010-1735

The SfnLOGONNOTIFY function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x4c value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.

4.9 2010-05-06 CVE-2010-1734

The SfnINSTRING function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x18d value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.

5 2010-04-14 CVE-2010-0025

The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2000 SP3, does not properly allocate memory for SMTP command replies, which allows remote attackers to read fragments of e-mail messages by sending a series of invalid commands and then sending a STARTTLS command, aka "SMTP Memory Allocation Vulnerability."

5 2010-04-14 CVE-2010-0024

The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2003 SP2, does not properly parse MX records, which allows remote DNS servers to cause a denial of service (service outage) via a crafted response to a DNS MX record query, aka "SMTP Server MX Record Vulnerability."

9.3 2010-02-10 CVE-2010-0250

Heap-based buffer overflow in DirectShow in Microsoft DirectX, as used in the AVI Filter on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2, and in Quartz on Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, allows remote attackers to execute arbitrary code via an AVI file with a crafted length field in an unspecified video stream, which is not properly handled by the RLE video decompressor, aka "DirectShow Heap Overflow Vulnerability."

7.2 2010-02-10 CVE-2010-0233

Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application, aka "Windows Kernel Double Free Vulnerability."

7.2 2010-01-21 CVE-2010-0232

The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly validate certain BIOS calls, which allows local users to gain privileges by crafting a VDM_TIB data structure in the Thread Environment Block (TEB), and then calling the NtVdmControl function to start the Windows Virtual DOS Machine (aka NTVDM) subsystem, leading to improperly handled exceptions involving the #GP trap handler (nt!KiTrap0D), aka "Windows Kernel Exception Handler Vulnerability."

9.3 2009-09-08 CVE-2009-2519

The DHTML Editing Component ActiveX control in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly format HTML markup, which allows remote attackers to execute arbitrary code via a crafted web site that triggers "system state" corruption, aka "DHTML Editing Component ActiveX Control Vulnerability."

CWE : Common Weakness Enumeration

%idName
20% (9) CWE-94 Failure to Control Generation of Code ('Code Injection')
18% (8) CWE-20 Improper Input Validation
13% (6) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
11% (5) CWE-264 Permissions, Privileges, and Access Controls
11% (5) CWE-200 Information Exposure
4% (2) CWE-190 Integer Overflow or Wraparound
4% (2) CWE-189 Numeric Errors
2% (1) CWE-476 NULL Pointer Dereference
2% (1) CWE-426 Untrusted Search Path
2% (1) CWE-415 Double Free
2% (1) CWE-399 Resource Management Errors
2% (1) CWE-310 Cryptographic Issues
2% (1) CWE-255 Credentials Management

CAPEC : Common Attack Pattern Enumeration & Classification

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Name
CAPEC-3 Using Leading 'Ghost' Character Sequences to Bypass Input Filters
CAPEC-7 Blind SQL Injection
CAPEC-8 Buffer Overflow in an API Call
CAPEC-9 Buffer Overflow in Local Command-Line Utilities
CAPEC-10 Buffer Overflow via Environment Variables
CAPEC-13 Subverting Environment Variable Values
CAPEC-14 Client-side Injection-induced Buffer Overflow
CAPEC-18 Embedding Scripts in Nonscript Elements
CAPEC-22 Exploiting Trust in Client (aka Make the Client Invisible)
CAPEC-24 Filter Failure through Buffer Overflow
CAPEC-28 Fuzzing
CAPEC-31 Accessing/Intercepting/Modifying HTTP Cookies
CAPEC-32 Embedding Scripts in HTTP Query Strings
CAPEC-42 MIME Conversion
CAPEC-43 Exploiting Multiple Input Interpretation Layers
CAPEC-45 Buffer Overflow via Symbolic Links
CAPEC-46 Overflow Variables and Tags
CAPEC-47 Buffer Overflow via Parameter Expansion
CAPEC-52 Embedding NULL Bytes
CAPEC-53 Postfix, Null Terminate, and Backslash
CAPEC-63 Simple Script Injection
CAPEC-64 Using Slashes and URL Encoding Combined to Bypass Validation Logic
CAPEC-66 SQL Injection
CAPEC-67 String Format Overflow in syslog()
CAPEC-71 Using Unicode Encoding to Bypass Validation Logic

SAINT Exploits

Description Link
Visual Studio Active Template Library object type mismatch vulnerability More info here
Windows Telnet credential reflection More info here
Microsoft DirectShow Video Streaming ActiveX IMPEG2TuneRequest Overflow More info here

Open Source Vulnerability Database (OSVDB)

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
71735 Microsoft Windows win32k.sys Driver NULL Pointer De-reference Unspecified Loc...
68585 Microsoft Foundation Classes (MFC) Library Window Title Handling Remote Overflow
67083 Microsoft Windows TAPI Server (TAPISRV) Service Isolation Bypass Local Privil...
64794 Microsoft Multiple Products smtpsvc.dll DNS Implementation Predictable Transa...
64793 Microsoft Multiple Products smtpsvc.dll DNS Implementation ID Transaction Ver...
64058 Microsoft Windows win32k.sys SfnINSTRING() Local DoS
64057 Microsoft Windows win32k.sys SfnLOGONNOTIFY() Local DoS
63739 Microsoft Windows SMTP / Exchange Server Malformed Command Sequence Remote In...
63738 Microsoft Windows SMTP / Exchange Server DNS Mail Exchanger (MX) Resource Rec...
62259 Microsoft Windows Kernel Double-free Unspecified Local Privilege Escalation
62257 Microsoft Windows DirectShow AVI File Decompression Overflow
61854 Microsoft Windows #GP Trap Handler (nt!KiTrap0D) Local Privilege Escalation
57804 Microsoft JScript Scripting Engine Memory Corruption Arbitrary Code Execution
57803 Microsoft Windows Media MP3 File Handling Memory Corruption
57802 Microsoft Windows Media ASF Header Parsing Invalid Free Arbitrary Code Execution
57798 Microsoft Windows DHTML Editing Component ActiveX Arbitrary Code Execution
56912 Microsoft Windows Terminal Services Client ActiveX Unspecified Overflow
56911 Microsoft Remote Desktop Server (RDS) mstscax.dll Packet Parsing Remote Overflow
56910 Microsoft Visual Studio Active Template Library (ATL) Header Mismatch Remote ...
56909 Microsoft Windows AVI Media File Parsing Unspecified Overflow
56908 Microsoft Windows Malformed AVI Header Parsing Arbitrary Code Execution
56904 Microsoft Windows Telnet NTLM Credential Reflection Remote Access
56902 Microsoft Windows Workstation Service NetrGetJoinInformation Function Local M...
56780 Microsoft Windows win32k.sys NtUserConsoleControl Function Memory Manipulatio...
56695 Microsoft IE HTML Embedded CSS Property Modification Memory Corruption

ExploitDB Exploits

id Description
30397 Windows Kernel win32k.sys - Integer Overflow (MS13-101)
11199 Windows NT - User Mode to Ring 0 Escalation Vulnerability

OpenVAS Exploits

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2011-04-13 Name : Windows Kernel-Mode Drivers Privilege Elevation Vulnerabilities (2506223)
File : nvt/secpod_ms11-034.nasl
2011-04-11 Name : Microsoft Windows IPv4 Default Configuration Security Bypass Vulnerability
File : nvt/gb_ms_windows_nic_security_bypass_vuln.nasl
2011-01-10 Name : Microsoft Pragmatic General Multicast (PGM) Denial of Service Vulnerability ...
File : nvt/gb_ms08-036.nasl
2010-10-13 Name : Microsoft Foundation Classes Could Allow Remote Code Execution Vulnerability ...
File : nvt/secpod_ms10-074.nasl
2010-05-13 Name : Microsoft Windows Kernel 'win32k.sys' Multiple DOS Vulnerabilities
File : nvt/gb_ms_win_kernel_win32k_sys_mult_dos_vuln.nasl
2010-05-05 Name : Microsoft Windows SMTP Server DNS spoofing vulnerability
File : nvt/gb_ms_smtp_dns_spoofing_vulnerability.nasl
2010-04-23 Name : Microsoft Exchange and Windows SMTP Service Denial of Service Vulnerability (...
File : nvt/secpod_ms10-024.nasl
2010-04-22 Name : Microsoft Windows SMTP Server MX Record Denial of Service Vulnerability
File : nvt/gb_ms10_024.nasl
2010-02-10 Name : Microsoft Windows Kernel Could Allow Elevation of Privilege (977165)
File : nvt/secpod_ms10-015.nasl
2010-02-10 Name : Microsoft DirectShow Remote Code Execution Vulnerability (977935)
File : nvt/secpod_ms10-013.nasl
2010-01-22 Name : Microsoft Windows GP Trap Handler Privilege Escalation Vulnerability
File : nvt/gb_ms_kernel_prv_esc_vuln.nasl
2009-09-10 Name : Microsoft Windows Media Format Remote Code Execution Vulnerability (973812)
File : nvt/secpod_ms09-047.nasl
2009-09-10 Name : Microsoft DHTML Editing Component ActiveX Remote Code Execution Vulnerability...
File : nvt/secpod_ms09-046.nasl
2009-09-10 Name : Microsoft JScript Scripting Engine Remote Code Execution Vulnerability (971961)
File : nvt/secpod_ms09-045.nasl
2009-08-14 Name : Vulnerabilities in Microsoft ATL Could Allow Remote Code Execution (973908)
File : nvt/secpod_ms09-037.nasl
2009-08-12 Name : Vulnerability in Workstation Service Could Allow Elevation of Privilege (971657)
File : nvt/secpod_ms09-041.nasl
2009-08-12 Name : Telnet NTLM Credential Reflection Authentication Bypass Vulnerability (960859)
File : nvt/secpod_ms09-042.nasl
2009-08-12 Name : Microsoft Remote Desktop Connection Remote Code Execution Vulnerability (969706)
File : nvt/secpod_ms09-044.nasl
2009-08-12 Name : Microsoft Windows AVI Media File Parsing Vulnerabilities (971557)
File : nvt/secpod_ms09-038.nasl
2009-08-11 Name : Microsoft Windows Kernel win32k.sys Privilege Escalation Vulnerability
File : nvt/gb_ms_win_kernel_win32k_sys_priv_esc_vuln.nasl
2009-07-29 Name : Cumulative Security Update for Internet Explorer (972260)
File : nvt/secpod_ms09-034.nasl
2009-07-15 Name : Microsoft DirectShow Remote Code Execution Vulnerability (961373)
File : nvt/secpod_ms09-028.nasl
2009-07-09 Name : Microsoft Video ActiveX Control 'msvidctl.dll' BOF Vulnerability
File : nvt/gb_ms_video_actvx_bof_vuln_jul09.nasl
2009-06-10 Name : Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (968537)
File : nvt/secpod_ms09-025.nasl
2009-06-10 Name : Vulnerabilities in Print Spooler Could Allow Remote Code Execution (961501)
File : nvt/secpod_ms09-022.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2014-B-0040 Microsoft Windows Remote Code Execution Vulnerability
Severity: Category II - VMSKEY: V0048685
2014-A-0041 Multiple Vulnerabilities in Microsoft Windows Kernel-Mode Driver
Severity: Category I - VMSKEY: V0046299
2014-A-0038 Microsoft DirectShow Remote Code Execution Vulnerability
Severity: Category II - VMSKEY: V0046179
2014-B-0015 Microsoft XML Core Information Disclosure Vulnerability
Severity: Category I - VMSKEY: V0044037
2013-A-0232 Multiple Vulnerabilities in Microsoft Windows Kernel-Mode Drivers
Severity: Category I - VMSKEY: V0042582
2013-B-0128 MIcrosoft Windows Digital Signature Denial of Service Vulnerability
Severity: Category I - VMSKEY: V0042304
2013-A-0214 Microsoft GDI Memory Corruption Vulnerability
Severity: Category II - VMSKEY: V0042294
2013-A-0213 Cumulative Security Update of Microsoft ActiveX Kill Bits
Severity: Category II - VMSKEY: V0042293
2013-A-0190 Multiple Vulnerabilities in Microsoft Windows Kernel-Mode Drivers
Severity: Category I - VMSKEY: V0040763
2013-A-0187 Multiple Vulnerabilities in Microsoft .NET Framework
Severity: Category I - VMSKEY: V0040753
2010-B-0091 Microsoft Foundation Classes Remote Code Execution Vulnerability
Severity: Category II - VMSKEY: V0025532
2010-B-0029 Multiple Vulnerabilities in Microsoft Exchange and Windows SMTP Service
Severity: Category II - VMSKEY: V0023955
2010-A-0025 Microsoft DirectShow Remote Code Execution Vulnerability
Severity: Category II - VMSKEY: V0022679
2009-A-0076 Multiple Vulnerabilities in Microsoft Windows Media Format
Severity: Category II - VMSKEY: V0019916
2009-A-0075 Microsoft DHTML Editing Component ActiveX Remote Code Execution Vulnerability
Severity: Category II - VMSKEY: V0019915
2009-A-0074 Microsoft JScript Scripting Engine Remote Code Execution Vulnerability
Severity: Category II - VMSKEY: V0019914
2009-A-0071 Multiple Vulnerabilities in Microsoft Remote Desktop Connection
Severity: Category II - VMSKEY: V0019884
2009-A-0067 Multiple Vulnerabilities in Microsoft Active Template Library
Severity: Category II - VMSKEY: V0019882
2009-B-0035 Microsoft Windows Workstation Service Elevation of Privilege Vulnerability
Severity: Category II - VMSKEY: V0019880
2009-B-0037 Microsoft Telnet Remote Code Execution Vulnerability
Severity: Category II - VMSKEY: V0019879
2008-T-0025 Microsoft Pragmatic General Multicast (PGM) Denial of Service Vulnerabilities
Severity: Category I - VMSKEY: V0016038

Snort® IPS/IDS

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2019-10-17 Microsoft DirectShow QuickTime file atom size parsing heap corruption attempt
RuleID : 51557 - Type : OS-WINDOWS - Revision : 1
2019-10-17 Microsoft DirectShow QuickTime file atom size parsing heap corruption attempt
RuleID : 51556 - Type : OS-WINDOWS - Revision : 1
2019-10-17 Microsoft DirectShow QuickTime file atom size parsing heap corruption attempt
RuleID : 51555 - Type : OS-WINDOWS - Revision : 1
2019-09-05 Microsoft Windows mp3 file malformed ID3 APIC header code execution attempt
RuleID : 50893 - Type : FILE-MULTIMEDIA - Revision : 1
2019-09-05 Microsoft Windows mp3 file malformed ID3 APIC header code execution attempt
RuleID : 50892 - Type : FILE-MULTIMEDIA - Revision : 1
2019-04-13 Microsoft Wordpad embedded BMP overflow attempt
RuleID : 49428 - Type : FILE-OTHER - Revision : 1
2019-04-13 Microsoft Wordpad embedded BMP overflow attempt
RuleID : 49427 - Type : FILE-OTHER - Revision : 1
2017-11-02 ZIP file name overflow attempt
RuleID : 44473 - Type : FILE-OTHER - Revision : 2
2017-10-10 Microsoft DirectShow memory corruption attempt
RuleID : 44306 - Type : OS-WINDOWS - Revision : 2
2017-10-10 Microsoft DirectShow memory corruption attempt
RuleID : 44305 - Type : OS-WINDOWS - Revision : 2
2017-07-25 Microsoft Windows DirectX directshow wav file overflow attempt
RuleID : 43270 - Type : FILE-MULTIMEDIA - Revision : 1
2017-07-25 Microsoft Windows DirectX directshow wav file overflow attempt
RuleID : 43269 - Type : FILE-MULTIMEDIA - Revision : 1
2014-01-10 Microsoft Internet Explorer DHTML Editing ActiveX clsid access
RuleID : 4148 - Type : BROWSER-PLUGINS - Revision : 23
2016-04-19 DCERPC Direct detection of malicious DCE RPC request in suspicious pcap
RuleID : 38264 - Type : OS-WINDOWS - Revision : 1
2016-03-24 InformationCardSigninHelper ActiveX function call access
RuleID : 37823 - Type : BROWSER-PLUGINS - Revision : 1
2016-03-24 InformationCardSigninHelper ActiveX clsid access
RuleID : 37822 - Type : BROWSER-PLUGINS - Revision : 2
2016-03-14 Microsoft Internet Explorer DHTML Editing ActiveX clsid access
RuleID : 36783 - Type : BROWSER-PLUGINS - Revision : 3
2016-03-14 Microsoft Internet Explorer DHTML Editing ActiveX clsid access
RuleID : 36782 - Type : BROWSER-PLUGINS - Revision : 3
2014-04-24 ATMFD Adobe font driver reserved command denial of service attempt
RuleID : 30241 - Type : FILE-OTHER - Revision : 2
2014-04-24 ATMFD Adobe font driver reserved command denial of service attempt
RuleID : 30240 - Type : FILE-OTHER - Revision : 2
2014-03-13 Microsoft XML Core Services same origin policy bypass attempt
RuleID : 29705 - Type : BROWSER-PLUGINS - Revision : 3
2014-03-13 Microsoft XML Core Services same origin policy bypass attempt
RuleID : 29704 - Type : BROWSER-PLUGINS - Revision : 3
2014-03-13 Microsoft XML Core Services same origin policy bypass attempt
RuleID : 29703 - Type : BROWSER-PLUGINS - Revision : 3
2014-03-13 Microsoft XML Core Services same origin policy bypass attempt
RuleID : 29702 - Type : BROWSER-PLUGINS - Revision : 3
2014-03-13 Microsoft XML Core Services same origin policy bypass attempt
RuleID : 29701 - Type : BROWSER-PLUGINS - Revision : 3

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2018-04-03 Name: The remote mail server may be affected by multiple vulnerabilities.
File: exchange_ms10-024.nasl - Type: ACT_GATHER_INFO
2014-04-08 Name: The remote Windows host is potentially affected by a remote code execution vu...
File: smb_nt_ms14-019.nasl - Type: ACT_GATHER_INFO
2014-03-11 Name: The Windows kernel drivers on the remote host are affected by multiple vulner...
File: smb_nt_ms14-015.nasl - Type: ACT_GATHER_INFO
2014-03-11 Name: The remote Windows host is potentially affected by a remote code execution vu...
File: smb_nt_ms14-013.nasl - Type: ACT_GATHER_INFO
2014-02-12 Name: The remote host is affected by an information disclosure vulnerability.
File: smb_nt_ms14-005.nasl - Type: ACT_GATHER_INFO
2013-12-11 Name: The Windows kernel drivers on the remote host are affected by multiple vulner...
File: smb_nt_ms13-101.nasl - Type: ACT_GATHER_INFO
2013-11-13 Name: The remote host is affected by a security feature bypass vulnerability.
File: smb_kb2862152.nasl - Type: ACT_GATHER_INFO
2013-11-13 Name: The remote Windows host is affected by a denial of service vulnerability.
File: smb_nt_ms13-095.nasl - Type: ACT_GATHER_INFO
2013-11-13 Name: The remote Windows host is missing an update that disables selected ActiveX c...
File: smb_nt_ms13-090.nasl - Type: ACT_GATHER_INFO
2013-11-13 Name: The remote host is affected by a remote code execution vulnerability.
File: smb_nt_ms13-089.nasl - Type: ACT_GATHER_INFO
2013-10-09 Name: The Windows kernel drivers on the remote host are affected by multiple vulner...
File: smb_nt_ms13-081.nasl - Type: ACT_GATHER_INFO
2013-10-09 Name: The .NET Framework install on the remote Windows host could allow arbitrary c...
File: smb_nt_ms13-082.nasl - Type: ACT_GATHER_INFO
2011-04-13 Name: The remote Windows kernel is affected by multiple vulnerabilities.
File: smb_nt_ms11-034.nasl - Type: ACT_GATHER_INFO
2010-10-13 Name: It is possible to execute arbitrary code on the remote Windows host through t...
File: smb_nt_ms10-074.nasl - Type: ACT_GATHER_INFO
2010-08-26 Name: The remote Windows host has a privilege escalation vulnerability.
File: smb_kb982316.nasl - Type: ACT_GATHER_INFO
2010-04-13 Name: The remote mail server may be affected by multiple vulnerabilities.
File: smtp_kb981832.nasl - Type: ACT_GATHER_INFO
2010-04-13 Name: The remote mail server may be affected by multiple vulnerabilities.
File: smb_nt_ms10-024.nasl - Type: ACT_GATHER_INFO
2010-02-09 Name: It is possible to execute arbitrary code on the remote Windows host using Dir...
File: smb_nt_ms10-013.nasl - Type: ACT_GATHER_INFO
2010-02-09 Name: The Windows kernel is affected by two vulnerabilities allowing a local attack...
File: smb_nt_ms10-015.nasl - Type: ACT_GATHER_INFO
2009-09-08 Name: Arbitrary code can be executed on the remote host through the web or email cl...
File: smb_nt_ms09-045.nasl - Type: ACT_GATHER_INFO
2009-09-08 Name: Arbitrary code can be executed on the remote host through an ActiveX control.
File: smb_nt_ms09-046.nasl - Type: ACT_GATHER_INFO
2009-09-08 Name: Arbitrary code can be executed on the remote host through opening a Windows M...
File: smb_nt_ms09-047.nasl - Type: ACT_GATHER_INFO
2009-08-11 Name: Arbitrary code can be executed on the remote host through Microsoft Remote De...
File: macosx_rdesktop.nasl - Type: ACT_GATHER_INFO
2009-08-11 Name: Arbitrary code can be executed on the remote host through Windows Media file ...
File: smb_nt_ms09-038.nasl - Type: ACT_GATHER_INFO
2009-08-11 Name: Arbitrary code can be executed on the remote host through Microsoft Active Te...
File: smb_nt_ms09-037.nasl - Type: ACT_GATHER_INFO