Summary
Detail | |||
---|---|---|---|
Vendor | Microsoft | First view | 2006-12-21 |
Product | Windows Vista | Last view | 2020-02-20 |
Version | Type | ||
Update | |||
Edition | x64 | ||
Language | |||
Software Edition | |||
Target Software | |||
Target Hardware | |||
Other |
Related : CVE
Score | Date | Alert | Description |
---|---|---|---|
7.5 | 2020-02-20 | CVE-2012-5364 | The IPv6 implementation in Microsoft Windows 7 and earlier allows remote attackers to cause a denial of service via a flood of ICMPv6 Router Advertisement packets containing multiple Routing entries. |
7.5 | 2020-02-20 | CVE-2012-5362 | The IPv6 implementation in Microsoft Windows 7 and earlier allows remote attackers to cause a denial of service via a flood of ICMPv6 Neighbor Solicitation messages, a different vulnerability than CVE-2010-4669. |
5.5 | 2018-02-26 | CVE-2018-7250 | An issue was discovered in secdrv.sys as shipped in Microsoft Windows Vista, Windows 7, Windows 8, and Windows 8.1 before KB3086255, and as shipped in Macrovision SafeDisc. An uninitialized kernel pool allocation in IOCTL 0xCA002813 allows a local unprivileged attacker to leak 16 bits of uninitialized kernel PagedPool data. |
7 | 2018-02-26 | CVE-2018-7249 | An issue was discovered in secdrv.sys as shipped in Microsoft Windows Vista, Windows 7, Windows 8, and Windows 8.1 before KB3086255, and as shipped in Macrovision SafeDisc. Two carefully timed calls to IOCTL 0xCA002813 can cause a race condition that leads to a use-after-free. When exploited, an unprivileged attacker can run arbitrary code in the kernel. |
7.8 | 2017-04-12 | CVE-2017-0199 | Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API." |
4.3 | 2017-04-12 | CVE-2017-0192 | The Adobe Type Manager Font Driver (ATMFD.dll) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, 1607, and 1703 allows an attacker to gain sensitive information via a specially crafted document or an untrusted website, aka "ATMFD.dll Information Disclosure Vulnerability." |
8.1 | 2017-04-12 | CVE-2017-0166 | An elevation of privilege vulnerability exists in Windows when LDAP request buffer lengths are improperly calculated. In a remote attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to send malicious traffic to a Domain Controller, aka "LDAP Elevation of Privilege Vulnerability." |
7.5 | 2017-04-12 | CVE-2017-0158 | An elevation of privilege vulnerability exists when Microsoft Windows running on Windows 10, Windows 10 1511, Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 fails to properly sanitize handles in memory, aka "Scripting Engine Memory Corruption Vulnerability." |
7 | 2017-04-12 | CVE-2017-0155 | The Graphics component in the kernel in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1 allows local users to gain privileges via a crafted application, aka "Windows Graphics Elevation of Privilege Vulnerability." |
4.7 | 2017-04-12 | CVE-2017-0058 | A Win32k information disclosure vulnerability exists in Microsoft Windows when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system, aka "Win32k Information Disclosure Vulnerability." |
7.5 | 2017-03-16 | CVE-2017-0147 | The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via crafted packets, aka "Windows SMB Information Disclosure Vulnerability." |
4.3 | 2017-03-16 | CVE-2017-0128 | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, and CVE-2017-0127. |
4.3 | 2017-03-16 | CVE-2017-0127 | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, and CVE-2017-0128. |
4.3 | 2017-03-16 | CVE-2017-0126 | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0127, and CVE-2017-0128. |
4.3 | 2017-03-16 | CVE-2017-0125 | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128. |
4.3 | 2017-03-16 | CVE-2017-0124 | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128. |
4.3 | 2017-03-16 | CVE-2017-0123 | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128. |
4.3 | 2017-03-16 | CVE-2017-0122 | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128. |
4.3 | 2017-03-16 | CVE-2017-0121 | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128. |
4.3 | 2017-03-16 | CVE-2017-0120 | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Windows Uniscribe Information Disclosure Vulnerability." |
4.3 | 2017-03-16 | CVE-2017-0119 | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128. |
4.3 | 2017-03-16 | CVE-2017-0118 | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128. |
4.3 | 2017-03-16 | CVE-2017-0117 | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128. |
4.3 | 2017-03-16 | CVE-2017-0116 | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128. |
4.3 | 2017-03-16 | CVE-2017-0115 | Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
18% (134) | CWE-264 | Permissions, Privileges, and Access Controls |
14% (107) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
14% (103) | CWE-20 | Improper Input Validation |
11% (82) | CWE-200 | Information Exposure |
10% (77) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
10% (75) | CWE-399 | Resource Management Errors |
5% (44) | CWE-362 | Race Condition |
3% (26) | CWE-189 | Numeric Errors |
1% (11) | CWE-284 | Access Control (Authorization) Issues |
1% (10) | CWE-416 | Use After Free |
1% (10) | CWE-19 | Data Handling |
0% (6) | CWE-310 | Cryptographic Issues |
0% (6) | CWE-254 | Security Features |
0% (5) | CWE-287 | Improper Authentication |
0% (5) | CWE-255 | Credentials Management |
0% (4) | CWE-476 | NULL Pointer Dereference |
0% (4) | CWE-426 | Untrusted Search Path |
0% (4) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
0% (3) | CWE-190 | Integer Overflow or Wraparound |
0% (2) | CWE-787 | Out-of-bounds Write |
0% (2) | CWE-415 | Double Free |
0% (2) | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
0% (2) | CWE-269 | Improper Privilege Management |
0% (2) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
0% (2) | CWE-16 | Configuration |
CAPEC : Common Attack Pattern Enumeration & Classification
id | Name |
---|---|
CAPEC-2 | Inducing Account Lockout |
CAPEC-3 | Using Leading 'Ghost' Character Sequences to Bypass Input Filters |
CAPEC-7 | Blind SQL Injection |
CAPEC-8 | Buffer Overflow in an API Call |
CAPEC-9 | Buffer Overflow in Local Command-Line Utilities |
CAPEC-10 | Buffer Overflow via Environment Variables |
CAPEC-13 | Subverting Environment Variable Values |
CAPEC-14 | Client-side Injection-induced Buffer Overflow |
CAPEC-18 | Embedding Scripts in Nonscript Elements |
CAPEC-22 | Exploiting Trust in Client (aka Make the Client Invisible) |
CAPEC-24 | Filter Failure through Buffer Overflow |
CAPEC-26 | Leveraging Race Conditions |
CAPEC-28 | Fuzzing |
CAPEC-29 | Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions |
CAPEC-31 | Accessing/Intercepting/Modifying HTTP Cookies |
CAPEC-32 | Embedding Scripts in HTTP Query Strings |
CAPEC-42 | MIME Conversion |
CAPEC-43 | Exploiting Multiple Input Interpretation Layers |
CAPEC-45 | Buffer Overflow via Symbolic Links |
CAPEC-46 | Overflow Variables and Tags |
CAPEC-47 | Buffer Overflow via Parameter Expansion |
CAPEC-52 | Embedding NULL Bytes |
CAPEC-53 | Postfix, Null Terminate, and Backslash |
CAPEC-59 | Session Credential Falsification through Prediction |
CAPEC-63 | Simple Script Injection |
Oval Markup Language : Definitions
OvalID | Name |
---|---|
oval:org.mitre.oval:def:1816 | MsgBox (CSRSS) Remote Code Execution Vulnerability |
oval:org.mitre.oval:def:5489 | Speech API Vulnerability |
oval:org.mitre.oval:def:1861 | Windows Mail UNC Navigation Request Remote Code Execution Vulnerability |
oval:org.mitre.oval:def:1854 | Windows Animated Cursor Remote Code Execution Vulnerability |
oval:org.mitre.oval:def:1923 | EMF Elevation of Privilege Vulnerability |
oval:org.mitre.oval:def:1927 | GDI Incorrect Parameter Local Elevation of Privilege Vulnerability |
oval:org.mitre.oval:def:1524 | CSRSS Local Elevation of Privilege Vulnerability |
oval:org.mitre.oval:def:6041 | Race Condition Cross-Domain Information Disclosure Vulnerability |
oval:org.mitre.oval:def:1529 | Windows Vista Information Disclosure Vulnerability |
oval:org.mitre.oval:def:1884 | Windows Vista Firewall Blocking Rule Information Disclosure Vulnerability |
oval:org.mitre.oval:def:2115 | Vulnerability in Contacts Gadget. |
oval:org.mitre.oval:def:2152 | Vulnerability in Feed Headline Gadget. |
oval:org.mitre.oval:def:2071 | Vulnerability in Weather Gadget. |
oval:org.mitre.oval:def:2310 | Vulnerability in RPC Could Allow Denial of Service |
oval:org.mitre.oval:def:3912 | Vulnerability in Windows Kernel Could Allow Elevation of Privilege |
oval:org.mitre.oval:def:4208 | Vulnerability in SMBv2 Could Allow Remote Code Execution |
oval:org.mitre.oval:def:5370 | Windows Kernel TCP/IP/IGMPv3 and MLDv2 Vulnerability |
oval:org.mitre.oval:def:5240 | Windows Kernel TCP/IP Vulnerability |
oval:org.mitre.oval:def:5314 | DNS Spoofing Attack Vulnerability |
oval:org.mitre.oval:def:5441 | GDI Heap Overflow Vulnerability |
oval:org.mitre.oval:def:5437 | Windows Kernel Vulnerability |
oval:org.mitre.oval:def:5580 | GDI stack Overflow Vulnerability |
oval:org.mitre.oval:def:5891 | Microsoft Distributed Transaction Coordinator Service Isolation Vulnerability |
oval:org.mitre.oval:def:5604 | PGM Malformed Fragment Vulnerability |
oval:org.mitre.oval:def:4730 | Bluetooth Vulnerability |
SAINT Exploits
Description |
---|
Internet Explorer iepeers.dll use-after-free vulnerability |
Visual Studio Active Template Library object type mismatch vulnerability |
Windows Server Service buffer overflow MS08-067 |
Microsoft Windows Movie Maker IsValidWMToolsStream buffer overflow |
Windows OLE Automation Array command execution |
Windows SMB credential reflection vulnerability |
Microsoft Windows Media Player DVR-MS File Code Execution |
Windows Telnet credential reflection |
Internet Explorer WinINet credential reflection vulnerability |
Windows Media Center command execution |
Windows OLE Package Manager CPackage::DoVerb() INF File Download Vulnerability |
Windows Thumbnail View CreateSizedDIBSECTION buffer overflow |
Windows GDI EMF filename buffer overflow |
Microsoft Word and WordPad RTF HTA handler command execution |
Windows Media MIDI Invalid Channel |
Windows Animated Cursor Header buffer overflow |
Microsoft Office ClickOnce Unsafe Execution |
Windows search-ms protocol handler command execution vulnerability |
Windows Shell LNK file CONTROL item command execution |
Microsoft Remote Desktop Connection Insecure Library Injection |
Windows Crafted Theme File Handling Vulnerability |
Microsoft Office Art Property Table Memory Corruption |
Windows SMB2 buffer overflow |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
78211 | Microsoft Windows Line21 DirectShow Filter Media File Handling Remote Code Ex... |
78210 | Microsoft Windows Multimedia Library (winmm.dll) MIDI File Handling Remote Co... |
78209 | Microsoft Windows Ntdll.dll Structured Exception Handling Tables Loading Safe... |
78207 | Microsoft Windows Embedded ClickOnce Application Office File Handling Remote ... |
78206 | Microsoft Windows Client/Server Run-time Subsystem (CSRSS) Unicode Character ... |
78057 | Microsoft .NET Framework ASP.NET Hash Collision Web Form Post Parsing Remote DoS |
78056 | Microsoft .NET Framework Forms Authentication Sliding Expiry Cached Content P... |
78055 | Microsoft .NET Framework ASP.NET Username Parsing Authentication Bypass |
78054 | Microsoft .NET Framework Forms Authentication Return URL Handling Arbitrary S... |
77908 | Microsoft Windows win32k.sys Safari IFRAME Height Attribute Handling Remote M... |
77667 | Microsoft Windows Active Directory Query Parsing Remote Overflow |
77662 | Microsoft Windows CSRSS Device Event Message Parsing Local Privilege Escalation |
77660 | Microsoft Windows Media Player / Center DVR-MS File Handling Remote Memory Co... |
76902 | Microsoft Windows Active Directory LDAPS CRL Handling Weakness Authentication... |
76901 | Microsoft Windows Mail / Windows Meeting Space Path Subversion Arbitrary DLL ... |
76899 | Microsoft Windows TCP/IP Reference Counter Crafted UDP Packet Stream Remote O... |
76843 | Microsoft Windows Win32k TrueType Font Handling Privilege Escalation |
76231 | Microsoft Windows Active Accessibility Path Subversion Arbitrary DLL Injectio... |
76221 | Microsoft Windows win32k.sys Driver Use-after-free Driver Object Handling Arb... |
76220 | Microsoft Windows win32k.sys Driver .fon Font File Handling Overflow |
76219 | Microsoft Windows win32k.sys Driver Type Translation TrueType Font File Handl... |
76218 | Microsoft Windows win32k.sys Driver NULL Dereference Unspecified Arbitrary Co... |
76205 | Microsoft Windows Media Center Path Subversion Arbitrary DLL Injection Code E... |
75382 | Microsoft Windows Shell Extensions Path Subversion Arbitrary DLL Injection Co... |
74482 | Microsoft Windows TCP/IP Stack (Tcpip.sys) ICMP Message Parsing Remote DoS |
ExploitDB Exploits
id | Description |
---|---|
35236 | MS14-064 Microsoft Windows OLE Package Manager Code Execution |
35235 | MS14-064 Microsoft Windows OLE Package Manager Code Execution Through Python |
35230 | Internet Explorer < 11 - OLE Automation Array Remote Code Execution (MSF) |
35229 | Internet Explorer <11 - OLE Automation Array Remote Code Execution |
35216 | MS Office 2007 and 2010 - OLE Arbitrary Command Execution |
35101 | Windows TrackPopupMenu Win32k NULL Pointer Dereference |
35055 | Windows OLE - Remote Code Execution "Sandworm" Exploit (MS14-060) |
35020 | MS14-060 Microsoft Windows OLE Package Manager Code Execution |
35019 | Windows OLE Package Manager SandWorm Exploit |
33213 | Windows NTUserMessageCall Win32k Kernel Pool Overflow (Schlamperei) |
30397 | Windows Kernel win32k.sys - Integer Overflow (MS13-101) |
30011 | Microsoft Tagged Image File Format (TIFF) Integer Overflow |
29813 | Microsoft Windows Vista ARP Table Entries Denial of Service Vulnerability |
27050 | DirectShow Arbitrary Memory Overwrite Vulnerability (MS13-056) |
26554 | Windows EPATHOBJ::pprFlattenRec Local Privilege Escalation |
24485 | MS13-005 HWND_BROADCAST PoC |
19037 | MS12-005 Microsoft Office ClickOnce Unsafe Object Package Handling Vulnerability |
18426 | MS12-004 midiOutPlayNextPolyEvent Heap Overflow |
18372 | Microsoft Windows Assembly Execution Vulnerability MS12-005 |
18024 | MS11-077 Win32k Null Pointer De-reference Vulnerability POC |
17978 | MS11-077 .fon Kernel-Mode Buffer Overrun PoC |
17659 | MS10-026 Microsoft MPEG Layer-3 Audio Stack Based Overflow |
17544 | GDI+ CreateDashedPath Integer overflow in gdiplus.dll |
16590 | Internet Explorer DHTML Behaviors Use After Free |
15985 | MS10-073: Win32k Keyboard Layout Vulnerability |
OpenVAS Exploits
Date | Description |
---|---|
2013-07-09 | Name : Microsoft Remote Desktop Protocol Remote Code Execution Vulnerabilities (2671... File : nvt/secpod_ms12-020_remote.nasl |
2012-12-12 | Name : Microsoft Windows Kernel-Mode Drivers Remote Code Execution Vulnerabilities (... File : nvt/secpod_ms12-078.nasl |
2012-12-12 | Name : Microsoft Windows File Handling Component Remote Code Execution Vulnerability... File : nvt/secpod_ms12-081.nasl |
2012-11-14 | Name : Microsoft Windows Shell Remote Code Execution Vulnerabilities (2727528) File : nvt/secpod_ms12-072.nasl |
2012-11-14 | Name : Microsoft Windows Kernel-Mode Drivers Remote Code Execution Vulnerabilities (... File : nvt/secpod_ms12-075.nasl |
2012-10-10 | Name : Microsoft Windows Kernel Privilege Elevation Vulnerability (2724197) File : nvt/secpod_ms12-068.nasl |
2012-09-28 | Name : Google Chrome Windows Kernel Memory Corruption Vulnerability File : nvt/gb_google_chrome_mem_crptn_vuln_win.nasl |
2012-08-15 | Name : Microsoft Windows Networking Components Remote Code Execution Vulnerabilities... File : nvt/secpod_ms12-054.nasl |
2012-08-15 | Name : Microsoft Windows Kernel-Mode Drivers Privilege Elevation Vulnerability (2731... File : nvt/secpod_ms12-055.nasl |
2012-07-11 | Name : Microsoft Windows Kernel-Mode Drivers Privilege Elevation Vulnerabilities (27... File : nvt/secpod_ms12-047.nasl |
2012-07-11 | Name : Microsoft Windows Shell Remote Code Execution Vulnerability (2691442) File : nvt/secpod_ms12-048.nasl |
2012-07-11 | Name : Microsoft Windows TLS Protocol Information Disclosure Vulnerability (2655992) File : nvt/secpod_ms12-049.nasl |
2012-06-13 | Name : Microsoft Remote Desktop Protocol Remote Code Execution Vulnerability (2685939) File : nvt/secpod_ms12-036.nasl |
2012-06-13 | Name : Microsoft Lync Remote Code Execution Vulnerabilities (2707956) File : nvt/secpod_ms12-039.nasl |
2012-06-13 | Name : Windows Kernel-Mode Drivers Privilege Elevation Vulnerabilities (2709162) File : nvt/secpod_ms12-041.nasl |
2012-05-14 | Name : Microsoft Silverlight Code Execution Vulnerabilities - 2681578 (Mac OS X) File : nvt/secpod_ms12-034_macosx.nasl |
2012-05-09 | Name : Microsoft Windows TCP/IP Privilege Elevation Vulnerabilities (2688338) File : nvt/secpod_ms12-032.nasl |
2012-05-09 | Name : Microsoft Windows Partition Manager Privilege Elevation Vulnerability (2690533) File : nvt/secpod_ms12-033.nasl |
2012-05-09 | Name : MS Security Update For Microsoft Office, .NET Framework, and Silverlight (268... File : nvt/secpod_ms12-034.nasl |
2012-04-11 | Name : Windows Authenticode Signature Remote Code Execution Vulnerability (2653956) File : nvt/secpod_ms12-024.nasl |
2012-03-14 | Name : Windows Kernel-Mode Drivers Privilege Elevation Vulnerability (2641653) File : nvt/secpod_ms12-018.nasl |
2012-03-14 | Name : Microsoft Windows DirectWrite Denial of Service Vulnerability (2665364) File : nvt/secpod_ms12-019.nasl |
2012-03-14 | Name : Microsoft Remote Desktop Protocol Remote Code Execution Vulnerabilities (2671... File : nvt/secpod_ms12-020.nasl |
2012-03-06 | Name : Microsoft SMB Transaction Parsing Remote Code Execution Vulnerability File : nvt/secpod_ms11-020_remote.nasl |
2012-02-29 | Name : MicroSoft SMB Server Trans2 Request Remote Code Execution Vulnerability File : nvt/secpod_ms10-054_remote.nasl |
Information Assurance Vulnerability Management (IAVM)
id | Description |
---|---|
2015-B-0112 | Microsoft Media Center Remote Code Execution Vulnerability (MS15-100) Severity: Category II - VMSKEY: V0061373 |
2015-A-0212 | Multiple Vulnerabilities in Microsoft Graphics Component (MS15-097) Severity: Category II - VMSKEY: V0061385 |
2015-A-0215 | Multiple Vulnerabilities in Microsoft Windows Task Management (MS15-102) Severity: Category II - VMSKEY: V0061391 |
2015-A-0216 | Multiple Vulnerabilities in Microsoft Windows Journal (MS15-098) Severity: Category II - VMSKEY: V0061393 |
2015-B-0096 | Microsoft WebDAV Information Disclosure Vulnerability (MS15-089) Severity: Category II - VMSKEY: V0061285 |
2015-A-0188 | Cumulative Security Update for Microsoft Internet Explorer (MS15-079) Severity: Category I - VMSKEY: V0061297 |
2015-A-0190 | Multiple Vulnerabilities in Microsoft Remote Desktop Protocol (RDP) (MS15-082) Severity: Category II - VMSKEY: V0061299 |
2015-A-0192 | Microsoft Windows Mount Manager Privilege Escalation Vulnerability (MS15-085) Severity: Category I - VMSKEY: V0061303 |
2015-A-0193 | Multiple Privilege Escalation Vulnerabilities in Microsoft Windows (MS15-090) Severity: Category II - VMSKEY: V0061305 |
2015-A-0194 | Multiple Vulnerabilities in Microsoft Office (MS15-081) Severity: Category II - VMSKEY: V0061307 |
2015-A-0196 | Multiple Vulnerabilities in Microsoft Graphics Component (MS15-080) Severity: Category II - VMSKEY: V0061311 |
2015-A-0197 | Microsoft Command Line Parameter Information Disclosure Vulnerability (MS15-088) Severity: Category II - VMSKEY: V0061313 |
2015-A-0198 | Microsoft Server Message Block (SMB) Remote Code Execution Vulnerability (MS1... Severity: Category II - VMSKEY: V0061315 |
2015-A-0165 | Microsoft Remote Procedure Call (RPC) Privilege Escalation Vulnerability (MS1... Severity: Category II - VMSKEY: V0061093 |
2015-A-0164 | Microsoft Windows Installer Privilege Escalation Vulnerability (MS15-074) Severity: Category II - VMSKEY: V0061095 |
2015-A-0162 | Multiple Vulnerabilities in Microsoft Windows Kernel-Mode Driver (MS15-073) Severity: Category II - VMSKEY: V0061097 |
2015-A-0169 | Multiple Vulnerabilities in Microsoft OLE (MS15-075) Severity: Category II - VMSKEY: V0061103 |
2015-A-0168 | Microsoft Graphics Component Privilege Escalation Vulnerability (MS15-072) Severity: Category II - VMSKEY: V0061105 |
2015-A-0167 | Multiple Vulnerabilities in Microsoft Windows (MS15-069) Severity: Category II - VMSKEY: V0061129 |
2015-A-0125 | Microsoft Common Controls Could Allow Remote Code Execution Vulnerability (MS... Severity: Category II - VMSKEY: V0060943 |
2015-A-0122 | Microsoft Windows Kernel Elevation of Privilege Vulnerability (MS15-063) Severity: Category II - VMSKEY: V0060961 |
2015-A-0107 | Microsoft Service Control Manager Privilege Escalation Vulnerability (MS15-050) Severity: Category II - VMSKEY: V0060651 |
2015-A-0108 | Multiple Vulnerabilities in Microsoft Windows Kernel-Mode Driver (MS15-051) Severity: Category II - VMSKEY: V0060653 |
2015-A-0111 | Microsoft SChannel Information Disclosure Vulnerability (MS15-055) Severity: Category I - VMSKEY: V0060659 |
2015-A-0091 | Multiple Vulnerabilities in Microsoft Windows (MS15-038) Severity: Category II - VMSKEY: V0059897 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Multiple Operating Systems invalid DHCP option attempt RuleID : 7196 - Type : OS-OTHER - Revision : 13 |
2014-01-10 | Microsoft Multiple Products malformed PNG detected tEXt overflow attempt RuleID : 6700 - Type : FILE-IMAGE - Revision : 20 |
2021-01-26 | Microsoft ASP.NET bad request denial of service attempt RuleID : 56804 - Type : SERVER-IIS - Revision : 1 |
2020-10-13 | Microsoft Windows NDIS.SYS driver buffer overflow attempt RuleID : 55198 - Type : OS-WINDOWS - Revision : 1 |
2020-10-13 | Microsoft Windows NDIS.SYS driver buffer overflow attempt RuleID : 55197 - Type : OS-WINDOWS - Revision : 1 |
2020-03-19 | Microsoft Windows Data Analyzer 3.5 ActiveX clsid access RuleID : 53118 - Type : BROWSER-PLUGINS - Revision : 1 |
2020-03-19 | Microsoft Windows Data Analyzer 3.5 ActiveX use-after-free attempt RuleID : 53117 - Type : BROWSER-PLUGINS - Revision : 1 |
2020-03-19 | Microsoft Windows Data Analyzer 3.5 ActiveX use-after-free attempt RuleID : 53116 - Type : BROWSER-PLUGINS - Revision : 1 |
2020-01-16 | Microsoft Word internal OLE object update attempt RuleID : 52482 - Type : INDICATOR-COMPROMISE - Revision : 1 |
2020-01-16 | Microsoft Word internal OLE object update attempt RuleID : 52481 - Type : INDICATOR-COMPROMISE - Revision : 1 |
2020-01-03 | Microsoft Windows MHTML XSS attempt RuleID : 52335 - Type : OS-WINDOWS - Revision : 1 |
2019-09-17 | Microsoft Windows Object Packager ClickOnce object remote code execution attempt RuleID : 51029 - Type : OS-WINDOWS - Revision : 1 |
2019-09-17 | Microsoft Windows Object Packager ClickOnce object remote code execution attempt RuleID : 51028 - Type : OS-WINDOWS - Revision : 1 |
2019-09-05 | Microsoft Windows mp3 file malformed ID3 APIC header code execution attempt RuleID : 50893 - Type : FILE-MULTIMEDIA - Revision : 1 |
2019-09-05 | Microsoft Windows mp3 file malformed ID3 APIC header code execution attempt RuleID : 50892 - Type : FILE-MULTIMEDIA - Revision : 1 |
2019-09-05 | Microsoft OpenType font index remote code execution attempt RuleID : 50889 - Type : FILE-OTHER - Revision : 1 |
2019-09-05 | Microsoft OpenType font index remote code execution attempt RuleID : 50888 - Type : FILE-OTHER - Revision : 1 |
2019-09-05 | Microsoft Windows GDI EMF parsing arbitrary code execution attempt RuleID : 50885 - Type : FILE-OTHER - Revision : 1 |
2019-09-05 | Microsoft Windows GDI EMF parsing arbitrary code execution attempt RuleID : 50884 - Type : FILE-OTHER - Revision : 1 |
2019-09-05 | Microsoft Fax Cover Page Editor heap corruption attempt RuleID : 50873 - Type : OS-WINDOWS - Revision : 1 |
2019-09-05 | Microsoft Fax Cover Page Editor heap corruption attempt RuleID : 50872 - Type : OS-WINDOWS - Revision : 1 |
2019-08-31 | Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap obfuscated ... RuleID : 50849 - Type : FILE-OTHER - Revision : 1 |
2019-08-31 | Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap obfuscated ... RuleID : 50848 - Type : FILE-OTHER - Revision : 1 |
2019-08-27 | Microsoft Windows GDI+ interlaced PNG file parsing heap overflow attempt RuleID : 50798 - Type : FILE-IMAGE - Revision : 1 |
2019-08-13 | Microsoft Windows SChannel CertificateVerify buffer overflow attempt RuleID : 50707 - Type : OS-WINDOWS - Revision : 1 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2017-10-20 | Name: The remote Windows host is affected by an information disclosure vulnerability. File: smb_nt_ms17_apr_4014793.nasl - Type: ACT_GATHER_INFO |
2017-10-20 | Name: The remote Windows host is affected by a remote code execution vulnerability. File: smb_nt_ms17_may_4020535.nasl - Type: ACT_GATHER_INFO |
2017-04-12 | Name: The remote Windows host is affected by a remote code execution vulnerability. File: smb_nt_ms17_apr_4015067.nasl - Type: ACT_GATHER_INFO |
2017-04-12 | Name: The remote Windows host is affected by an elevation of privilege vulnerability. File: smb_nt_ms17_apr_4015068.nasl - Type: ACT_GATHER_INFO |
2017-04-12 | Name: The remote Windows host is affected by an information disclosure vulnerability. File: smb_nt_ms17_apr_4015195.nasl - Type: ACT_GATHER_INFO |
2017-04-12 | Name: The remote Windows host is affected by an information disclosure vulnerability. File: smb_nt_ms17_apr_4015380.nasl - Type: ACT_GATHER_INFO |
2017-04-12 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms17_apr_4015549.nasl - Type: ACT_GATHER_INFO |
2017-04-12 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms17_apr_4015550.nasl - Type: ACT_GATHER_INFO |
2017-04-12 | Name: An application installed on the remote Windows host is affected by multiple v... File: smb_nt_ms17_apr_office.nasl - Type: ACT_GATHER_INFO |
2017-04-11 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms17-apr_4015551.nasl - Type: ACT_GATHER_INFO |
2017-04-11 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms17_apr_4015217.nasl - Type: ACT_GATHER_INFO |
2017-04-11 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms17_apr_4015219.nasl - Type: ACT_GATHER_INFO |
2017-04-11 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms17_apr_4015221.nasl - Type: ACT_GATHER_INFO |
2017-04-11 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms17_apr_4015583.nasl - Type: ACT_GATHER_INFO |
2017-03-20 | Name: The remote Windows host is affected by multiple vulnerabilities. File: ms17-010.nasl - Type: ACT_GATHER_INFO |
2017-03-17 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms17-013.nasl - Type: ACT_GATHER_INFO |
2017-03-15 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms17-010.nasl - Type: ACT_GATHER_INFO |
2017-03-15 | Name: The remote Windows host is affected by multiple elevation of privilege vulnerabi... File: smb_nt_ms17-018.nasl - Type: ACT_GATHER_INFO |
2017-03-15 | Name: The remote Windows host is affected by an information disclosure vulnerability. File: smb_nt_ms17-021.nasl - Type: ACT_GATHER_INFO |
2017-03-15 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms17-008.nasl - Type: ACT_GATHER_INFO |
2017-03-15 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms17-012.nasl - Type: ACT_GATHER_INFO |
2017-03-15 | Name: The remote Windows host is affected by a cross-site scripting vulnerability. File: smb_nt_ms17-016.nasl - Type: ACT_GATHER_INFO |
2017-03-14 | Name: The remote host is affected by multiple vulnerabilities. File: smb_nt_ms17-011.nasl - Type: ACT_GATHER_INFO |
2017-03-14 | Name: The remote Windows host is affected by multiple elevation of privilege vulnerabi... File: smb_nt_ms17-017.nasl - Type: ACT_GATHER_INFO |
2017-03-14 | Name: The remote Windows host is affected by an information disclosure vulnerability. File: smb_nt_ms17-020.nasl - Type: ACT_GATHER_INFO |