This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Microsoft First view 1997-01-01
Product Windows 2000 Last view 2012-03-28
Version Type
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:* 270
cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:* 220
cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:* 135
cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:* 130
cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:* 116
cpe:2.3:o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:* 51
cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:* 26
cpe:2.3:o:microsoft:windows_2000:-:*:*:*:*:*:*:* 8
cpe:2.3:o:microsoft:windows_2000:sp4:*:*:*:*:*:*:* 4
cpe:2.3:o:microsoft:windows_2000:*:gold:*:*:*:*:*:* 4
cpe:2.3:o:microsoft:windows_2000:-:sp1:*:*:*:*:*:* 4
cpe:2.3:o:microsoft:windows_2000:-:sp2:*:*:*:*:*:* 4
cpe:2.3:o:microsoft:windows_2000:*:rc2:*:*:*:*:*:* 3
cpe:2.3:o:microsoft:windows_2000:*:beta3:*:*:*:*:*:* 3
cpe:2.3:o:microsoft:windows_2000:*:rc1:*:*:*:*:*:* 3
cpe:2.3:o:microsoft:windows_2000:*:-:*:*:*:*:*:* 3
cpe:2.3:o:microsoft:windows_2000:*:*:*:*:datacenter_server:*:*:* 3
cpe:2.3:o:microsoft:windows_2000:*:*:*:*:professional:*:*:* 3
cpe:2.3:o:microsoft:windows_2000:*:*:*:ja:server:*:*:* 3
cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:advanced_server:*:*:* 3
cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:datacenter_server:*:*:* 3
cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:professional:*:*:* 3
cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:server:*:*:* 3
cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:advanced_server:*:*:* 3
cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:datacenter_server:*:*:* 3
cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:server:*:*:* 3
cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:advanced_server:*:*:* 3
cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:datacenter_server:*:*:* 3
cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:professional:*:*:* 3
cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:server:*:*:* 3
cpe:2.3:o:microsoft:windows_2000:*:sp3:adv_srv:*:*:*:*:* 2
cpe:2.3:o:microsoft:windows_2000:*:sp3:srv:*:*:*:*:* 2
cpe:2.3:o:microsoft:windows_2000:2000.0.2195:*:*:*:*:*:*:* 2
cpe:2.3:o:microsoft:windows_2000:2000.2072:*:*:*:*:*:*:* 2
cpe:2.3:o:microsoft:windows_2000:-:-:*:*:*:*:*:* 2
cpe:2.3:o:microsoft:windows_2000:*:*:*:*:server:*:*:* 2
cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:professional:*:*:* 2
cpe:2.3:o:microsoft:windows_2000:*:*:*:*:advanced_server:*:*:* 2
cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:advanced_server:*:*:* 2
cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:datacenter_server:*:*:* 2
cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:professional:*:*:* 2
cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:server:*:*:* 2
cpe:2.3:o:microsoft:windows_2000:-:sp3:*:*:*:*:*:* 2
cpe:2.3:o:microsoft:windows_2000:*:sp4:srv:*:*:*:*:* 1
cpe:2.3:o:microsoft:windows_2000:*:gold:adv_srv:*:*:*:*:* 1
cpe:2.3:o:microsoft:windows_2000:*:sp1:adv_srv:*:*:*:*:* 1
cpe:2.3:o:microsoft:windows_2000:*:gold:datacenter_srv:*:*:*:*:* 1
cpe:2.3:o:microsoft:windows_2000:*:sp3:datacenter_srv:*:*:*:*:* 1
cpe:2.3:o:microsoft:windows_2000:*:sp1:datacenter_srv:*:*:*:*:* 1
cpe:2.3:o:microsoft:windows_2000:*:sp4:datacenter_srv:*:*:*:*:* 1

Related : CVE

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
6.2 2012-03-28 CVE-2007-6753

Untrusted search path vulnerability in Shell32.dll in Microsoft Windows 2000, Windows XP, Windows Vista, Windows Server 2008, and Windows 7, when using an environment configured with a string such as %APPDATA% or %PROGRAMFILES% in a certain way, allows local users to gain privileges via a Trojan horse DLL under the current working directory, as demonstrated by iTunes and Safari.

4.3 2012-02-02 CVE-2010-4562

Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping. NOTE: due to a typo, some sources map CVE-2010-4562 to a ProFTPd mod_sql vulnerability, but that issue is covered by CVE-2010-4652.

6.8 2010-07-02 CVE-2010-2594

Multiple cross-site request forgery (CSRF) vulnerabilities in the web management interface in InterSect Alliance Snare Agent 3.2.3 and earlier on Solaris, Snare Agent 3.1.7 and earlier on Windows, Snare Agent 1.5.0 and earlier on Linux and AIX, Snare Agent 1.4 and earlier on IRIX, Snare Epilog 1.5.3 and earlier on Windows, and Snare Epilog 1.2 and earlier on UNIX allow remote attackers to hijack the authentication of administrators for requests that (1) change the password or (2) change the listening port.

6.8 2010-06-08 CVE-2010-1255

The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 allows local users to execute arbitrary code via vectors related to "glyph outline information" and TrueType fonts, aka "Win32k TrueType Font Parsing Vulnerability."

7.2 2010-06-08 CVE-2010-0819

Unspecified vulnerability in the Windows OpenType Compact Font Format (CFF) driver in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users to execute arbitrary code via unknown vectors related to improper validation when copying data from user mode to kernel mode, aka "OpenType CFF Font Driver Memory Corruption Vulnerability."

6.8 2010-06-08 CVE-2010-0485

The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 "do not properly validate all callback parameters when creating a new window," which allows local users to execute arbitrary code, aka "Win32k Window Creation Vulnerability."

6.8 2010-06-08 CVE-2010-0484

The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 "do not properly validate changes in certain kernel objects," which allows local users to execute arbitrary code via vectors related to Device Contexts (DC) and the GetDCEx function, aka "Win32k Improper Data Validation Vulnerability."

6.4 2010-05-07 CVE-2010-1690

The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 does not verify that transaction IDs of responses match transaction IDs of queries, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025.

6.4 2010-05-07 CVE-2010-1689

The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 uses predictable transaction IDs that are formed by incrementing a previous ID by 1, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025.

4.9 2010-05-06 CVE-2010-1735

The SfnLOGONNOTIFY function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x4c value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.

4.9 2010-05-06 CVE-2010-1734

The SfnINSTRING function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x18d value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.

9.3 2010-04-14 CVE-2010-0487

The Authenticode Signature verification functionality in cabview.dll in Cabinet File Viewer Shell Extension 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows remote attackers to execute arbitrary code via a modified cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka "Cabview Corruption Validation Vulnerability."

9.3 2010-04-14 CVE-2010-0486

The WinVerifyTrust function in Authenticode Signature Verification 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows user-assisted remote attackers to execute arbitrary code via a modified (1) Portable Executable (PE) or (2) cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka "WinVerifyTrust Signature Validation Vulnerability."

9.3 2010-04-14 CVE-2010-0480

Multiple stack-based buffer overflows in the MPEG Layer-3 audio codecs in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to execute arbitrary code via a crafted AVI file, aka "MPEG Layer-3 Audio Decoder Stack Overflow Vulnerability."

9.3 2010-04-14 CVE-2010-0478

Stack-based buffer overflow in nsum.exe in the Windows Media Unicast Service in Media Services for Microsoft Windows 2000 Server SP4 allows remote attackers to execute arbitrary code via crafted packets associated with transport information, aka "Media Services Stack-based Buffer Overflow Vulnerability."

10 2010-04-14 CVE-2010-0269

The SMB client in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for SMB responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Memory Allocation Vulnerability."

9.3 2010-04-14 CVE-2010-0268

Unspecified vulnerability in the Windows Media Player ActiveX control in Windows Media Player (WMP) 9 on Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows remote attackers to execute arbitrary code via crafted media content, aka "Media Player Remote Code Execution Vulnerability."

4.9 2010-04-14 CVE-2010-0238

Unspecified vulnerability in registry-key validation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Registry Key Vulnerability."

6.9 2010-04-14 CVE-2010-0237

The kernel in Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows local users to gain privileges by creating a symbolic link from an untrusted registry hive to a trusted registry hive, aka "Windows Kernel Symbolic Link Creation Vulnerability."

7.2 2010-04-14 CVE-2010-0236

The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not properly allocate memory for the destination key associated with a symbolic-link registry key, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Allocation Vulnerability."

4.7 2010-04-14 CVE-2010-0235

The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not perform the expected validation before creating a symbolic link, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Symbolic Link Value Vulnerability."

4.7 2010-04-14 CVE-2010-0234

The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate a registry-key argument to an unspecified system call, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Null Pointer Vulnerability."

5 2010-04-14 CVE-2010-0025

The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2000 SP3, does not properly allocate memory for SMTP command replies, which allows remote attackers to read fragments of e-mail messages by sending a series of invalid commands and then sending a STARTTLS command, aka "SMTP Memory Allocation Vulnerability."

5 2010-04-14 CVE-2010-0024

The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2003 SP2, does not properly parse MX records, which allows remote DNS servers to cause a denial of service (service outage) via a crafted response to a DNS MX record query, aka "SMTP Server MX Record Vulnerability."

9.3 2010-03-31 CVE-2010-0805

The Tabular Data Control (TDC) ActiveX control in Microsoft Internet Explorer 5.01 SP4, 6 on Windows XP SP2 and SP3, and 6 SP1 allows remote attackers to execute arbitrary code via a long URL (DataURL parameter) that triggers memory corruption in the CTDCCtl::SecurityCHeckDataURL function, aka "Memory Corruption Vulnerability."

CWE : Common Weakness Enumeration

%idName
22% (45) CWE-20 Improper Input Validation
18% (37) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
16% (33) CWE-94 Failure to Control Generation of Code ('Code Injection')
10% (22) CWE-399 Resource Management Errors
8% (17) CWE-264 Permissions, Privileges, and Access Controls
6% (13) CWE-189 Numeric Errors
4% (9) CWE-200 Information Exposure
2% (5) CWE-16 Configuration
1% (4) CWE-287 Improper Authentication
1% (3) CWE-362 Race Condition
1% (3) CWE-310 Cryptographic Issues
1% (3) CWE-255 Credentials Management
0% (2) CWE-787 Out-of-bounds Write
0% (2) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
0% (1) CWE-669 Incorrect Resource Transfer Between Spheres
0% (1) CWE-401 Failure to Release Memory Before Removing Last Reference ('Memory L...
0% (1) CWE-352 Cross-Site Request Forgery (CSRF)
0% (1) CWE-294 Authentication Bypass by Capture-replay
0% (1) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
0% (1) CWE-59 Improper Link Resolution Before File Access ('Link Following')

CAPEC : Common Attack Pattern Enumeration & Classification

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Name
CAPEC-2 Inducing Account Lockout
CAPEC-3 Using Leading 'Ghost' Character Sequences to Bypass Input Filters
CAPEC-7 Blind SQL Injection
CAPEC-8 Buffer Overflow in an API Call
CAPEC-9 Buffer Overflow in Local Command-Line Utilities
CAPEC-10 Buffer Overflow via Environment Variables
CAPEC-12 Choosing a Message/Channel Identifier on a Public/Multicast Channel
CAPEC-13 Subverting Environment Variable Values
CAPEC-14 Client-side Injection-induced Buffer Overflow
CAPEC-18 Embedding Scripts in Nonscript Elements
CAPEC-21 Exploitation of Session Variables, Resource IDs and other Trusted Credentials
CAPEC-22 Exploiting Trust in Client (aka Make the Client Invisible)
CAPEC-24 Filter Failure through Buffer Overflow
CAPEC-25 Forced Deadlock
CAPEC-27 Leveraging Race Conditions via Symbolic Links
CAPEC-28 Fuzzing
CAPEC-29 Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
CAPEC-31 Accessing/Intercepting/Modifying HTTP Cookies
CAPEC-32 Embedding Scripts in HTTP Query Strings
CAPEC-36 Using Unpublished Web Service APIs
CAPEC-39 Manipulating Opaque Client-based Data Tokens
CAPEC-40 Manipulating Writeable Terminal Devices
CAPEC-42 MIME Conversion
CAPEC-43 Exploiting Multiple Input Interpretation Layers
CAPEC-45 Buffer Overflow via Symbolic Links

Oval Markup Language : Definitions

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
OvalID Name
oval:org.mitre.oval:def:1023 WinNT Broad Permissions for Remote Registry Access
oval:org.mitre.oval:def:915 IIS4.0 Buffer Overflow
oval:org.mitre.oval:def:1079 MS CIFS Spoofed Browse Frame Request Vulnerability
oval:org.mitre.oval:def:139 Default Registry Permissions on SNMP Parameters
oval:org.mitre.oval:def:1068 Windows 2000 Internet Printing ISAPI Extension Buffer Overflow
oval:org.mitre.oval:def:82 Microsoft RPC Denial of Service
oval:org.mitre.oval:def:334 Windows NNTP Memory Leak
oval:org.mitre.oval:def:253 SQL Server Format String Vulnerability
oval:org.mitre.oval:def:64 Windows 2000 Trusted Domain Loophole
oval:org.mitre.oval:def:159 Windows NT Trusted Domain Loophole
oval:org.mitre.oval:def:424 Windows Telnet Server Buffer Overflow
oval:org.mitre.oval:def:38 Windows 2000 Group Policy Bypass
oval:org.mitre.oval:def:402 SNMP Request Handling Buffer Overflow
oval:org.mitre.oval:def:209 SNMP Agent Service Buffer Overflow
oval:org.mitre.oval:def:30 Microsoft SMTP Malformed BDAT Request Denial of Service
oval:org.mitre.oval:def:18 Windows NT Shell Buffer Overflow
oval:org.mitre.oval:def:147 Windows 2000 Shell Buffer Overflow
oval:org.mitre.oval:def:89 Windows 2000 MUP UNC Request Buffer Overflow
oval:org.mitre.oval:def:145 Windows NT MUP UNC Request Buffer Overflow
oval:org.mitre.oval:def:63 Windows 2000 Remote Access Service Phonebook Buffer Overflow
oval:org.mitre.oval:def:61 Windows NT Remote Access Service Phonebook Buffer Overflow
oval:org.mitre.oval:def:76 Windows 2000 Process Handle Duplication Privilege Escalation
oval:org.mitre.oval:def:158 Windows NT Process Handle Duplication Privilege Escalation
oval:org.mitre.oval:def:374 HTML Help ActiveX Control Buffer Overflow
oval:org.mitre.oval:def:403 Code Execution via Compiled HTML Help File

SAINT Exploits

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Description Link
Internet Explorer iepeers.dll use-after-free vulnerability More info here
Microsoft Jet Engine MDB file ColumnName buffer overflow More info here
Microsoft Message Queuing buffer overflow More info here
ntdll.dll buffer overflow via IIS 5.0 WebDAV More info here
Visual Studio Active Template Library object type mismatch vulnerability More info here
Windows Telephony API buffer overflow More info here
Windows Metafile rendering buffer overflow More info here
Windows Server Service buffer overflow MS08-067 More info here
Windows LSASS buffer overflow More info here
Windows Server Service buffer overflow More info here
Windows RRAS memory corruption vulnerability More info here
Microsoft Agent crafted URL vulnerability More info here
Windows Task Scheduler buffer overflow More info here
Windows Cursor and Icon handling vulnerability More info here
Windows SMB credential reflection vulnerability More info here
Windows password weakness More info here
Windows Plug and Play buffer overflow More info here
Windows Telnet credential reflection More info here
Internet Explorer WinINet credential reflection vulnerability More info here
Microsoft WordPad Word97 text converter buffer overflow More info here
Windows Print Spooler EnumeratePrintShares buffer overflow More info here
Internet Explorer Tabular Data Control DataURL memory corruption More info here
Windows GDI EMF filename buffer overflow More info here
Microsoft DirectX DirectShow QuickTime movie parsing vulnerability More info here
Windows Media Encoder 9 wmex.dll ActiveX buffer overflow More info here

Open Source Vulnerability Database (OSVDB)

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
65829 Snare Agent Multiple Unspecified CSRF
65225 Microsoft Windows Kernel-Mode Driver Window Creation Local Privilege Escalation
65224 Microsoft Windows Kernel-Mode Driver Win32k.sys GetDCEx() Function Device Con...
65223 Microsoft Windows Kernel-Mode Driver TrueType Font Parsing Local Privilege Es...
65217 Microsoft Windows OpenType Compact Font Format (CFF) Driver Privilege Escalation
64925 Microsoft Windows SMB Client Unspecified Response Handling Memory Corruption ...
64794 Microsoft Multiple Products smtpsvc.dll DNS Implementation Predictable Transa...
64793 Microsoft Multiple Products smtpsvc.dll DNS Implementation ID Transaction Ver...
64058 Microsoft Windows win32k.sys SfnINSTRING() Local DoS
64057 Microsoft Windows win32k.sys SfnLOGONNOTIFY() Local DoS
63765 Microsoft Windows Media Player ActiveX fourCC Compression Code Codec Retrieva...
63749 Microsoft Windows MPEG Layer-3 Audio Decoder AVI File Handling Overflow
63746 Microsoft Windows Authenticode Signature Verification Cabview Manipulation Pr...
63745 Microsoft Windows Authenticode WinVerifyTrust Signature Manipulation Validati...
63739 Microsoft Windows SMTP / Exchange Server Malformed Command Sequence Remote In...
63738 Microsoft Windows SMTP / Exchange Server DNS Mail Exchanger (MX) Resource Rec...
63736 Microsoft Windows Kernel Symbolic Link Value Processing Unspecified Local DoS
63733 Microsoft Windows Kernel Registry Link Symbolic Link Extraction Local Privile...
63731 Microsoft Windows Kernel Registry Hive Symbolic Link Creation Local Privilege...
63730 Microsoft Windows Kernel Registry Key Validation Unspecified Local DoS
63728 Microsoft Windows Unspecified Kernel System Call Registry Handling Local DoS
63726 Microsoft Windows Media Unicast Service Transport Packet Handling Remote Over...
63335 Microsoft IE Unspecified Uninitialized Memory Corruption
63334 Microsoft IE Post Encoding Information Disclosure
63333 Microsoft IE Unspecified Race Condition Memory Corruption

ExploitDB Exploits

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
26076 Cisco ASA < 8.4.4.6|8.2.5.32 Ethernet Information Leak
25389 Multiple Vendor ICMP Message Handling DoS
25388 Multiple Vendor ICMP Implementation Malformed Path MTU DoS
25387 Multiple Vendor ICMP Implementation Spoofed Source Quench Packet DoS
22883 Microsoft Windows 2000 CreateFile API Named Pipe Privilege Escalation Vulnera...
22882 Microsoft Windows 2000 CreateFile API Named Pipe Privilege Escalation Vulnera...
22131 Linux Kernel 2.0.x/2.2.x/2.4.x,FreeBSD 4.x Network Device Driver Frame Paddin...
21746 MS Windows 2000/NT 4/XP Network Share Provider SMB Request Buffer Overflow (1)
17659 MS10-026 Microsoft MPEG Layer-3 Audio Stack Based Overflow
16590 Internet Explorer DHTML Behaviors Use After Free
16333 Windows Media Services ConnectFunnel Stack Buffer Overflow
15266 Windows NTLM Weak Nonce Vulnerability
14895 MOAUB #5 - Microsoft MPEG Layer-3 Remote Command Execution Exploit
14608 Microsoft Windows CreateWindow Function Callback Vulnerability (MS10-048)
12273 Windows 7/2008R2 SMB Client Trans2 Stack Overflow 10-020 PoC
12032 Microsoft Internet Explorer Tabular Data Control ActiveX Remote Code Execution
11683 Microsoft Internet Explorer iepeers.dll Use-After-Free Exploit (meta)
11199 Windows NT - User Mode to Ring 0 Escalation Vulnerability
9893 Microsoft Internet Explorer 5,6,7 memory corruption PoC
5547 Novell eDirectory < 8.7.3 SP 10 / 8.8.2 - HTTP headers DoS Vulnerability
3740 MS Windows DNS DnssrvQuery Remote Stack Overflow Exploit
3652 MS Windows Animated Cursor (.ANI) Overflow Exploit (Hardware DEP)
3617 MS Windows Animated Cursor (.ANI) Stack Overflow Exploit
3555 Ethernet Device Drivers Frame Padding - Info Leakage Exploit (Etherleak)
3022 MS Windows ASN.1 - Remote Exploit (MS04-007)

OpenVAS Exploits

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2012-07-25 Name : Microsoft Windows Media Services ISAPI Extension Code Execution Vulnerabilities
File : nvt/gb_ms_win_media_service_isapi_code_exec_vuln.nasl
2011-12-30 Name : MicroSoft Windows Server Service Remote Code Execution Vulnerability (921883)
File : nvt/secpod_ms06-040_remote.nasl
2011-11-21 Name : Microsoft Windows Internet Protocol Validation Remote Code Execution Vulnerab...
File : nvt/secpod_ms_windows_ip_validation_code_exec_vuln.nasl
2011-10-14 Name : Microsoft Windows SMB/NETBIOS NULL Session Authentication Bypass Vulnerability
File : nvt/gb_ms_windows_smb_share_passwd_null_sec_bypass_vuln.nasl
2011-08-12 Name : Finger Service Remote Information Disclosure Vulnerability
File : nvt/gb_finger_remote_info_disc_vuln.nasl
2011-05-12 Name : Debian Security Advisory DSA 2191-1 (proftpd-dfsg)
File : nvt/deb_2191_1.nasl
2011-04-11 Name : Microsoft Windows IPv4 Default Configuration Security Bypass Vulnerability
File : nvt/gb_ms_windows_nic_security_bypass_vuln.nasl
2011-01-14 Name : Vulnerabilities in GDI Could Allow Remote Code Execution (925902)
File : nvt/gb_ms07-017.nasl
2011-01-14 Name : Microsoft Windows CSRSS CSRFinalizeContext Local Privilege Escalation Vulnera...
File : nvt/gb_ms07-021.nasl
2011-01-14 Name : Vulnerability in RPC Could Allow Denial of Service (933729)
File : nvt/gb_ms07-058.nasl
2011-01-13 Name : Microsoft Windows TCP/IP Remote Code Execution Vulnerabilities (941644)
File : nvt/gb_ms08-001.nasl
2011-01-10 Name : Microsoft Windows DNS Client Service Response Spoofing Vulnerability (945553)
File : nvt/gb_ms08-020.nasl
2011-01-10 Name : Microsoft Windows Kernel Usermode Callback Local Privilege Elevation Vulnerab...
File : nvt/gb_ms08-025.nasl
2010-10-22 Name : Microsoft Windows SMB Server NTLM Multiple Vulnerabilities (971468)
File : nvt/secpod_ms10-012-remote.nasl
2010-07-08 Name : Microsoft Windows GDI Multiple Vulnerabilities (925902)
File : nvt/ms07-017.nasl
2010-06-09 Name : Message Queuing Remote Code Execution Vulnerability (951071) - Remote
File : nvt/secpod_ms08-065_remote.nasl
2010-06-09 Name : Microsoft Windows Kernel Mode Drivers Privilege Escalation Vulnerabilities (9...
File : nvt/secpod_ms10-032.nasl
2010-06-09 Name : Microsoft Data Analyzer and IE Developer Tools ActiveX Control Vulnerability ...
File : nvt/secpod_ms10-034.nasl
2010-06-09 Name : Microsoft Windows OpenType Compact Font Format Driver Privilege Escalation Vu...
File : nvt/secpod_ms10-037.nasl
2010-05-13 Name : Microsoft Windows Kernel 'win32k.sys' Multiple DOS Vulnerabilities
File : nvt/gb_ms_win_kernel_win32k_sys_mult_dos_vuln.nasl
2010-05-05 Name : Microsoft Windows SMTP Server DNS spoofing vulnerability
File : nvt/gb_ms_smtp_dns_spoofing_vulnerability.nasl
2010-04-26 Name : Windows NT NNTP Component Buffer Overflow
File : nvt/gb_ms04_036.nasl
2010-04-23 Name : Microsoft Exchange and Windows SMTP Service Denial of Service Vulnerability (...
File : nvt/secpod_ms10-024.nasl
2010-04-22 Name : Microsoft Windows SMTP Server MX Record Denial of Service Vulnerability
File : nvt/gb_ms10_024.nasl
2010-04-14 Name : Microsoft Windows Authentication Verification Remote Code Execution Vulnerabi...
File : nvt/secpod_ms10-019.nasl

Information Assurance Vulnerability Management (IAVM)

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2010-A-0068 Microsoft Windows Media Services Remote Code Execution Vulnerability
Severity: Category II - VMSKEY: V0024076
2010-A-0052 Microsoft Windows Media Player Remote Code Execution Vulnerability
Severity: Category II - VMSKEY: V0024002
2010-A-0053 Microsoft MPEG Layer-3 Codecs Remote Code Execution Vulnerability
Severity: Category II - VMSKEY: V0023999
2010-B-0029 Multiple Vulnerabilities in Microsoft Exchange and Windows SMTP Service
Severity: Category II - VMSKEY: V0023955
2010-B-0013 Microsoft Windows Kerberos Denial of Service Vulnerability
Severity: Category II - VMSKEY: V0022675
2010-B-0014 Microsoft Paint Remote Code Execution Vulnerability
Severity: Category II - VMSKEY: V0022674
2009-B-0069 Multiple Vulnerabilities in Indeo Codec affecting Microsoft Windows
Severity: Category II - VMSKEY: V0022163
2009-A-0126 Microsoft Internet Authentication Service Remote Code Execution Vulnerability
Severity: Category II - VMSKEY: V0022101
2009-B-0064 Microsoft Windows Local Security Authority Subsystem Service (LSASS) Denial o...
Severity: Category II - VMSKEY: V0022096
2009-A-0128 Microsoft WordPad and Office Text Converters Remote Code Execution Vulnerability
Severity: Category II - VMSKEY: V0021551
2009-A-0116 Microsoft Windows License Logging Server Remote Heap Buffer Overflow Vulnerab...
Severity: Category I - VMSKEY: V0021937
2009-A-0095 Multiple Vulnerabilities in Microsoft Windows CryptoAPI
Severity: Category I - VMSKEY: V0021760
2009-A-0091 Multiple Vulnerabilities in Microsoft Windows Media Runtime
Severity: Category II - VMSKEY: V0021744
2009-B-0053 Microsoft Indexing Services Remote Code Execution Vulnerability
Severity: Category I - VMSKEY: V0021750
2009-A-0097 Multiple Vulnerabilities in Microsoft Active Template Library
Severity: Category II - VMSKEY: V0021756
2009-A-0077 Multiple Microsoft TCP/IP Remote Code Execution Vulnerabilities
Severity: Category I - VMSKEY: V0019917
2009-A-0076 Multiple Vulnerabilities in Microsoft Windows Media Format
Severity: Category II - VMSKEY: V0019916
2009-A-0075 Microsoft DHTML Editing Component ActiveX Remote Code Execution Vulnerability
Severity: Category II - VMSKEY: V0019915
2009-A-0074 Microsoft JScript Scripting Engine Remote Code Execution Vulnerability
Severity: Category II - VMSKEY: V0019914
2009-A-0071 Multiple Vulnerabilities in Microsoft Remote Desktop Connection
Severity: Category II - VMSKEY: V0019884
2009-A-0067 Multiple Vulnerabilities in Microsoft Active Template Library
Severity: Category II - VMSKEY: V0019882
2009-B-0037 Microsoft Telnet Remote Code Execution Vulnerability
Severity: Category II - VMSKEY: V0019879
2009-B-0033 Multiple Vulnerabilities in Visual Studio Active Template Library
Severity: Category II - VMSKEY: V0019798
2009-A-0034 Microsoft Windows HTTP Services Remote Code Execution Vulnerability
Severity: Category I - VMSKEY: V0018756
2009-A-0032 Multiple Vulnerabilities in WordPad and Office Text Converters
Severity: Category I - VMSKEY: V0018752

Snort® IPS/IDS

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2014-01-10 SMB tapisrv ClientRequest andx object call LSetAppPriority overflow attempt
RuleID : 9999 - Type : NETBIOS - Revision : 5
2014-01-10 SMB-DS tapisrv ClientRequest little endian andx object call LSetAppPriority o...
RuleID : 9998 - Type : NETBIOS - Revision : 5
2014-01-10 SMB-DS tapisrv ClientRequest WriteAndX unicode little endian andx object call...
RuleID : 9997 - Type : NETBIOS - Revision : 5
2014-01-10 SMB-DS tapisrv ClientRequest WriteAndX unicode andx object call LSetAppPriori...
RuleID : 9996 - Type : NETBIOS - Revision : 5
2014-01-10 SMB-DS tapisrv ClientRequest WriteAndX little endian andx object call LSetApp...
RuleID : 9995 - Type : NETBIOS - Revision : 5
2014-01-10 SMB-DS tapisrv ClientRequest andx object call LSetAppPriority overflow attempt
RuleID : 9994 - Type : NETBIOS - Revision : 5
2014-01-10 SMB-DS tapisrv ClientRequest unicode little endian andx LSetAppPriority overf...
RuleID : 9993 - Type : NETBIOS - Revision : 5
2014-01-10 SMB tapisrv ClientRequest WriteAndX unicode little endian andx LSetAppPriorit...
RuleID : 9992 - Type : NETBIOS - Revision : 5
2014-01-10 SMB tapisrv ClientRequest unicode little endian andx LSetAppPriority overflow...
RuleID : 9991 - Type : NETBIOS - Revision : 5
2014-01-10 SMB tapisrv ClientRequest WriteAndX little endian andx LSetAppPriority overfl...
RuleID : 9990 - Type : NETBIOS - Revision : 5
2014-01-10 SMB tapisrv ClientRequest little endian andx LSetAppPriority overflow attempt
RuleID : 9989 - Type : NETBIOS - Revision : 5
2014-01-10 SMB-DS tapisrv ClientRequest WriteAndX andx LSetAppPriority overflow attempt
RuleID : 9988 - Type : NETBIOS - Revision : 5
2014-01-10 SMB-DS tapisrv ClientRequest unicode andx LSetAppPriority overflow attempt
RuleID : 9987 - Type : NETBIOS - Revision : 4
2014-01-10 SMB tapisrv ClientRequest unicode andx LSetAppPriority overflow attempt
RuleID : 9986 - Type : NETBIOS - Revision : 5
2014-01-10 SMB tapisrv ClientRequest WriteAndX andx LSetAppPriority overflow attempt
RuleID : 9985 - Type : NETBIOS - Revision : 5
2014-01-10 SMB tapisrv ClientRequest WriteAndX unicode andx LSetAppPriority overflow att...
RuleID : 9984 - Type : NETBIOS - Revision : 5
2014-01-10 SMB tapisrv ClientRequest andx LSetAppPriority overflow attempt
RuleID : 9983 - Type : NETBIOS - Revision : 5
2014-01-10 SMB-DS tapisrv ClientRequest little endian andx LSetAppPriority overflow attempt
RuleID : 9982 - Type : NETBIOS - Revision : 4
2014-01-10 SMB-DS tapisrv ClientRequest WriteAndX unicode little endian andx LSetAppPrio...
RuleID : 9981 - Type : NETBIOS - Revision : 5
2014-01-10 SMB-DS tapisrv ClientRequest WriteAndX unicode andx LSetAppPriority overflow ...
RuleID : 9980 - Type : NETBIOS - Revision : 5
2014-01-10 SMB-DS tapisrv ClientRequest WriteAndX little endian andx LSetAppPriority ove...
RuleID : 9979 - Type : NETBIOS - Revision : 5
2014-01-10 SMB v4 tapisrv ClientRequest unicode little endian andx LSetAppPriority overf...
RuleID : 9978 - Type : NETBIOS - Revision : 5
2014-01-10 SMB v4 tapisrv ClientRequest little endian andx LSetAppPriority overflow attempt
RuleID : 9977 - Type : NETBIOS - Revision : 5
2014-01-10 SMB-DS tapisrv ClientRequest andx LSetAppPriority overflow attempt
RuleID : 9976 - Type : NETBIOS - Revision : 5
2014-01-10 SMB-DS v4 tapisrv ClientRequest WriteAndX andx LSetAppPriority overflow attempt
RuleID : 9975 - Type : NETBIOS - Revision : 5

Nessus® Vulnerability Scanner

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2018-04-03 Name: The remote mail server may be affected by multiple vulnerabilities.
File: exchange_ms10-024.nasl - Type: ACT_GATHER_INFO
2018-04-03 Name: The remote web server may allow remote code execution.
File: iis_7_pci.nasl - Type: ACT_GATHER_INFO
2017-05-08 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL23440942.nasl - Type: ACT_GATHER_INFO
2017-01-20 Name: The remote device is affected by a memory disclosure vulnerability.
File: juniper_jsa10773.nasl - Type: ACT_GATHER_INFO
2015-09-18 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL4583.nasl - Type: ACT_GATHER_INFO
2015-01-23 Name: The remote Solaris system is missing a security patch from CPU jan2015.
File: solaris_jan2015_SRU11_1_11_4_0.nasl - Type: ACT_GATHER_INFO
2014-10-10 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL10509.nasl - Type: ACT_GATHER_INFO
2014-03-05 Name: The DNS server running on the remote host is potentially affected by a remote...
File: ms_dns_kb935966.nasl - Type: ACT_GATHER_INFO
2014-03-05 Name: The DNS server running on the remote host is vulnerable to DNS spoofing attacks.
File: ms_dns_kb941672.nasl - Type: ACT_GATHER_INFO
2014-03-05 Name: The DNS server running on the remote host is vulnerable to DNS spoofing attacks.
File: ms_dns_kb951746.nasl - Type: ACT_GATHER_INFO
2014-03-05 Name: The DNS server running on the remote host is vulnerable to DNS spoofing attacks.
File: ms_dns_kb961063.nasl - Type: ACT_GATHER_INFO
2013-09-15 Name: The remote host is missing Sun Security Patch number 125907-02
File: solaris10_x86_125907.nasl - Type: ACT_GATHER_INFO
2013-07-16 Name: The remote device is missing a vendor-supplied security patch.
File: juniper_jsa10579.nasl - Type: ACT_GATHER_INFO
2011-03-15 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-2191.nasl - Type: ACT_GATHER_INFO
2011-01-27 Name: The remote SuSE 10 host is missing a security-related patch.
File: suse_flash-player-6386.nasl - Type: ACT_GATHER_INFO
2010-11-23 Name: The remote host has IP forwarding enabled.
File: ip_forwarding_enabled.nasl - Type: ACT_GATHER_INFO
2010-10-11 Name: The remote SuSE 10 host is missing a security-related patch.
File: suse_java-1_5_0-ibm-6741.nasl - Type: ACT_GATHER_INFO
2010-09-13 Name: It is possible to execute arbitrary code on the remote Windows host due to fl...
File: smb_kb971468.nasl - Type: ACT_GATHER_INFO
2010-09-01 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20020212-snmp-msgshttp.nasl - Type: ACT_GATHER_INFO
2010-09-01 Name: The remote device is missing a vendor-supplied security patch
File: cisco-sa-20050412-icmp.nasl - Type: ACT_GATHER_INFO
2010-09-01 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20090908-tcp24http.nasl - Type: ACT_GATHER_INFO
2010-06-09 Name: The Windows kernel is affected by several vulnerabilities that could allow es...
File: smb_nt_ms10-032.nasl - Type: ACT_GATHER_INFO
2010-06-09 Name: The remote Windows host is missing an update that disables selected ActiveX c...
File: smb_nt_ms10-034.nasl - Type: ACT_GATHER_INFO
2010-06-09 Name: The remote Windows host contains a font driver that is affected by a privileg...
File: smb_nt_ms10-037.nasl - Type: ACT_GATHER_INFO
2010-04-27 Name: The remote media service is affected by a remote code execution vulnerability.
File: smb_kb_980858.nasl - Type: ACT_GATHER_INFO