This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Microsoft First view 2000-04-14
Product Windows Xp Last view 2020-02-20
Version Type
Update  
Edition x86  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:* 364
cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:* 286
cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:* 153
cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:* 118
cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:* 102
cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:* 100
cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:* 100
cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:* 86
cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:* 60
cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:* 56
cpe:2.3:o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:* 56
cpe:2.3:o:microsoft:windows_xp:*:gold:*:*:*:*:*:* 54
cpe:2.3:o:microsoft:windows_xp:*:*:media_center:*:*:*:*:* 54
cpe:2.3:o:microsoft:windows_xp:*:sp2:home:*:*:*:*:* 52
cpe:2.3:o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:* 50
cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:* 50
cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:* 46
cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:* 40
cpe:2.3:o:microsoft:windows_xp:*:sp2:x64:*:*:*:*:* 32
cpe:2.3:o:microsoft:windows_xp:*:sp1:embedded:*:*:*:*:* 23
cpe:2.3:o:microsoft:windows_xp:-:*:*:*:*:*:*:* 21
cpe:2.3:o:microsoft:windows_xp:*:*:embedded:*:*:*:*:* 19
cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:* 17
cpe:2.3:o:microsoft:windows_xp:*:sp2:pro_x64:*:*:*:*:* 15
cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:* 14
cpe:2.3:o:microsoft:windows_xp:*:sp2:professional:*:*:*:*:* 11
cpe:2.3:o:microsoft:windows_xp:*:*:x64:*:*:*:*:* 11
cpe:2.3:o:microsoft:windows_xp:*:*:pro_x64:*:*:*:*:* 10
cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:*:* 9
cpe:2.3:o:microsoft:windows_xp:*:gold:professional_x64:*:*:*:*:* 8
cpe:2.3:o:microsoft:windows_xp:-:sp1:*:*:*:*:*:* 8
cpe:2.3:o:microsoft:windows_xp:*:sp1:*:*:*:*:*:* 8
cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:home:*:x86:* 7
cpe:2.3:o:microsoft:windows_xp:sp3:unknown:english:*:*:*:*:* 7
cpe:2.3:o:microsoft:windows_xp:*:x64:*:*:*:*:*:* 6
cpe:2.3:o:microsoft:windows_xp:*:sp1:professional:*:*:*:*:* 5
cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:x64:* 4
cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:x64:* 4
cpe:2.3:o:microsoft:windows_xp:*:*:professional_x64:*:*:*:*:* 4
cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:professional:*:x86:* 4
cpe:2.3:o:microsoft:windows_xp:*:*:pro:*:*:*:*:* 4
cpe:2.3:o:microsoft:windows_xp:*:sp1:pro:*:*:*:*:* 4
cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:home:*:x86:* 4
cpe:2.3:o:microsoft:windows_xp:2005:sp3:media_center:*:*:*:*:* 3
cpe:2.3:o:microsoft:windows_xp:-:-:*:*:professional:*:x64:* 3
cpe:2.3:o:microsoft:windows_xp:*:gold:tablet_pc:*:*:*:*:* 3
cpe:2.3:o:microsoft:windows_xp:*:gold:embedded:*:*:*:*:* 3
cpe:2.3:o:microsoft:windows_xp:*:sp2:embedded:*:*:*:*:* 3
cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit_2003:*:*:*:*:* 3
cpe:2.3:o:microsoft:windows_xp:-:*:*:*:professional:*:x64:* 3

Related : CVE

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
7.5 2020-02-20 CVE-2012-5364

The IPv6 implementation in Microsoft Windows 7 and earlier allows remote attackers to cause a denial of service via a flood of ICMPv6 Router Advertisement packets containing multiple Routing entries.

7.5 2020-02-20 CVE-2012-5362

The IPv6 implementation in Microsoft Windows 7 and earlier allows remote attackers to cause a denial of service via a flood of ICMPv6 Neighbor Solicitation messages, a different vulnerability than CVE-2010-4669.

7.5 2019-12-10 CVE-2019-1489

An information disclosure vulnerability exists when the Windows Remote Desktop Protocol (RDP) fails to properly handle objects in memory, aka 'Remote Desktop Protocol Information Disclosure Vulnerability'.

8.1 2017-06-22 CVE-2017-0176

A buffer overflow in Smart Card authentication code in gpkcsp.dll in Microsoft Windows XP through SP3 and Server 2003 through SP2 allows a remote attacker to execute arbitrary code on the target computer, provided that the computer is joined in a Windows domain and has Remote Desktop Protocol connectivity (or Terminal Services) enabled.

7.8 2017-06-15 CVE-2017-8487

Windows OLE in Windows XP and Windows Server 2003 allows an attacker to execute code when a victim opens a specially crafted file or program aka "Windows olecnv32.dll Remote Code Execution Vulnerability."

7.8 2017-06-15 CVE-2017-8461

Windows RPC with Routing and Remote Access enabled in Windows XP and Windows Server 2003 allows an attacker to execute code on a targeted RPC server which has Routing and Remote Access enabled via a specially crafted application, aka "Windows RPC Remote Code Execution Vulnerability."

7.2 2014-07-26 CVE-2014-4971

Microsoft Windows XP SP3 does not validate addresses in certain IRP handler routines, which allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted address in an IOCTL call, related to (1) the MQAC.sys driver in the MQ Access Control subsystem and (2) the BthPan.sys driver in the Bluetooth Personal Area Networking subsystem.

6.9 2014-04-08 CVE-2014-0315

Untrusted search path vulnerability in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a Trojan horse cmd.exe file in the current working directory, as demonstrated by a directory that contains a .bat or .cmd file, aka "Windows File Handling Vulnerability."

6.6 2014-03-12 CVE-2014-0323

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (system hang) via a crafted application, aka "Win32k Information Disclosure Vulnerability."

5.4 2014-03-12 CVE-2014-0317

The Security Account Manager Remote (SAMR) protocol implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2 does not properly determine the user-lockout state, which makes it easier for remote attackers to bypass the account lockout policy and obtain access via a brute-force attack, aka "SAMR Security Feature Bypass Vulnerability."

9.3 2014-03-12 CVE-2014-0301

Double free vulnerability in qedit.dll in DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via a crafted JPEG image, aka "DirectShow Memory Corruption Vulnerability."

7.2 2014-03-12 CVE-2014-0300

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."

7.1 2014-02-11 CVE-2014-0266

The XMLHTTP ActiveX controls in XML Core Services 3.0 in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to bypass the Same Origin Policy via a web page that is visited in Internet Explorer, aka "MSXML Information Disclosure Vulnerability."

6.9 2013-12-10 CVE-2013-5058

Integer overflow in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows local users to gain privileges via a crafted application, aka "Win32k Integer Overflow Vulnerability."

9.3 2013-12-10 CVE-2013-5056

Use-after-free vulnerability in the Scripting Runtime Object Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site that is visited with Internet Explorer, aka "Use-After-Free Vulnerability in Microsoft Scripting Runtime Object Library."

7.2 2013-12-10 CVE-2013-3899

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate addresses, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability."

6.9 2013-12-10 CVE-2013-3878

Stack-based buffer overflow in the LRPC client in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges by operating an LRPC server that sends a crafted LPC port message, aka "LRPC Client Buffer Overrun Vulnerability."

7.8 2013-11-27 CVE-2013-5065

NDProxy.sys in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in November 2013.

7.1 2013-11-17 CVE-2013-3876

DirectAccess in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly verify server X.509 certificates, which allows man-in-the-middle attackers to spoof servers and read encrypted domain credentials via a crafted certificate.

9.3 2013-11-12 CVE-2013-3940

Integer overflow in the Graphics Device Interface (GDI) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image in a Windows Write (.wri) document, which is not properly handled in WordPad, aka "Graphics Device Interface Integer Overflow Vulnerability."

9.3 2013-11-12 CVE-2013-3918

The InformationCardSigninHelper Class ActiveX control in icardie.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted web page that is accessed by Internet Explorer, as exploited in the wild in November 2013, aka "InformationCardSigninHelper Vulnerability."

4.9 2013-11-12 CVE-2013-3887

The Ancillary Function Driver (AFD) in afd.sys in the kernel-mode drivers in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 allows local users to obtain sensitive information from kernel memory by leveraging improper copy operations, aka "Ancillary Function Driver Information Disclosure Vulnerability."

5 2013-11-12 CVE-2013-3869

Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to cause a denial of service (daemon hang) via a web-service request containing a crafted X.509 certificate that is not properly handled during validation, aka "Digital Signatures Vulnerability."

9.3 2013-10-09 CVE-2013-3894

The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a crafted CMAP table in a TrueType font (TTF) file, aka "TrueType Font CMAP Table Vulnerability."

7.2 2013-10-09 CVE-2013-3879

Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."

CWE : Common Weakness Enumeration

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
%idName
17% (85) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
16% (76) CWE-20 Improper Input Validation
14% (67) CWE-399 Resource Management Errors
14% (67) CWE-94 Failure to Control Generation of Code ('Code Injection')
11% (56) CWE-264 Permissions, Privileges, and Access Controls
8% (40) CWE-362 Race Condition
6% (29) CWE-189 Numeric Errors
2% (11) CWE-200 Information Exposure
0% (4) CWE-310 Cryptographic Issues
0% (4) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
0% (3) CWE-287 Improper Authentication
0% (3) CWE-190 Integer Overflow or Wraparound
0% (2) CWE-476 NULL Pointer Dereference
0% (2) CWE-415 Double Free
0% (2) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
0% (2) CWE-255 Credentials Management
0% (2) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
0% (2) CWE-88 Argument Injection or Modification
0% (2) CWE-16 Configuration
0% (1) CWE-787 Out-of-bounds Write
0% (1) CWE-732 Incorrect Permission Assignment for Critical Resource
0% (1) CWE-681 Incorrect Conversion between Numeric Types
0% (1) CWE-669 Incorrect Resource Transfer Between Spheres
0% (1) CWE-667 Insufficient Locking
0% (1) CWE-426 Untrusted Search Path

CAPEC : Common Attack Pattern Enumeration & Classification

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Name
CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs
CAPEC-2 Inducing Account Lockout
CAPEC-3 Using Leading 'Ghost' Character Sequences to Bypass Input Filters
CAPEC-7 Blind SQL Injection
CAPEC-8 Buffer Overflow in an API Call
CAPEC-9 Buffer Overflow in Local Command-Line Utilities
CAPEC-10 Buffer Overflow via Environment Variables
CAPEC-13 Subverting Environment Variable Values
CAPEC-14 Client-side Injection-induced Buffer Overflow
CAPEC-17 Accessing, Modifying or Executing Executable Files
CAPEC-18 Embedding Scripts in Nonscript Elements
CAPEC-21 Exploitation of Session Variables, Resource IDs and other Trusted Credentials
CAPEC-22 Exploiting Trust in Client (aka Make the Client Invisible)
CAPEC-24 Filter Failure through Buffer Overflow
CAPEC-27 Leveraging Race Conditions via Symbolic Links
CAPEC-28 Fuzzing
CAPEC-29 Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
CAPEC-31 Accessing/Intercepting/Modifying HTTP Cookies
CAPEC-32 Embedding Scripts in HTTP Query Strings
CAPEC-41 Using Meta-characters in E-mail Headers to Inject Malicious Payloads
CAPEC-42 MIME Conversion
CAPEC-43 Exploiting Multiple Input Interpretation Layers
CAPEC-45 Buffer Overflow via Symbolic Links
CAPEC-46 Overflow Variables and Tags
CAPEC-47 Buffer Overflow via Parameter Expansion

Oval Markup Language : Definitions

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
OvalID Name
oval:org.mitre.oval:def:253 SQL Server Format String Vulnerability
oval:org.mitre.oval:def:402 SNMP Request Handling Buffer Overflow
oval:org.mitre.oval:def:209 SNMP Agent Service Buffer Overflow
oval:org.mitre.oval:def:30 Microsoft SMTP Malformed BDAT Request Denial of Service
oval:org.mitre.oval:def:89 Windows 2000 MUP UNC Request Buffer Overflow
oval:org.mitre.oval:def:145 Windows NT MUP UNC Request Buffer Overflow
oval:org.mitre.oval:def:63 Windows 2000 Remote Access Service Phonebook Buffer Overflow
oval:org.mitre.oval:def:61 Windows NT Remote Access Service Phonebook Buffer Overflow
oval:org.mitre.oval:def:9 Solaris 8 RPC xdr_array Buffer Overflow
oval:org.mitre.oval:def:4728 SunRPC xdr_array Function Integer Overflow
oval:org.mitre.oval:def:42 Solaris 7 RPC xdr_array Buffer Overflow
oval:org.mitre.oval:def:374 HTML Help ActiveX Control Buffer Overflow
oval:org.mitre.oval:def:403 Code Execution via Compiled HTML Help File
oval:org.mitre.oval:def:190 ActiveX Certificate Enrollment Unauthorized Remote Certificate Deletion
oval:org.mitre.oval:def:189 Network Share Provider Buffer Overflow
oval:org.mitre.oval:def:2671 Windows 2000 Certificate Validation Identity Spoofing Vulnerability (Test 2)
oval:org.mitre.oval:def:1332 Windows 2000 Certificate Validation Identity Spoofing Vulnerability (Test 1)
oval:org.mitre.oval:def:1056 Microsoft Certificate Validation Flaw Identity Spoofing Vulnerability
oval:org.mitre.oval:def:199 Weak Encryption in RDP Protocol
oval:org.mitre.oval:def:277 SMB Session Digital Signature Sidestep
oval:org.mitre.oval:def:582 MSJava Applet CODEBASE File Access Vulnerability
oval:org.mitre.oval:def:59 Microsoft Windows RPC Denial of Service
oval:org.mitre.oval:def:10736 The Internet Group Management Protocol (IGMP) allows local users to cause a d...
oval:org.mitre.oval:def:103 Windows RPC Locator Service Buffer Overflow
oval:org.mitre.oval:def:795 DEPRECATED: Windows Script Engine Heap Overflow (Test 3)

SAINT Exploits

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Description Link
Internet Explorer iepeers.dll use-after-free vulnerability More info here
Microsoft Jet Engine MDB file ColumnName buffer overflow More info here
Microsoft Message Queuing buffer overflow More info here
Visual Studio Active Template Library object type mismatch vulnerability More info here
Windows Telephony API buffer overflow More info here
Windows Metafile rendering buffer overflow More info here
Windows Server Service buffer overflow MS08-067 More info here
Windows LSASS buffer overflow More info here
Windows Server Service buffer overflow More info here
Windows RRAS memory corruption vulnerability More info here
Microsoft Windows Movie Maker IsValidWMToolsStream buffer overflow More info here
Windows Task Scheduler buffer overflow More info here
Windows Cursor and Icon handling vulnerability More info here
Microsoft OLE Object File Handling vulnerability More info here
Microsoft Windows Media Player DVR-MS File Code Execution More info here
Windows Plug and Play buffer overflow More info here
Windows Telnet credential reflection More info here
Windows compressed folders buffer overflow More info here
Internet Explorer WinINet credential reflection vulnerability More info here
Microsoft WordPad Word97 text converter buffer overflow More info here
Windows Thumbnail View CreateSizedDIBSECTION buffer overflow More info here
Internet Explorer Tabular Data Control DataURL memory corruption More info here
Windows WMF handling vulnerability More info here
Windows GDI EMF filename buffer overflow More info here
Windows Media MIDI Invalid Channel More info here

Open Source Vulnerability Database (OSVDB)

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
78212 Microsoft Windows Object Packager Path Subversion packager.exe Loading Remote...
78211 Microsoft Windows Line21 DirectShow Filter Media File Handling Remote Code Ex...
78210 Microsoft Windows Multimedia Library (winmm.dll) MIDI File Handling Remote Co...
78209 Microsoft Windows Ntdll.dll Structured Exception Handling Tables Loading Safe...
78207 Microsoft Windows Embedded ClickOnce Application Office File Handling Remote ...
78206 Microsoft Windows Client/Server Run-time Subsystem (CSRSS) Unicode Character ...
78057 Microsoft .NET Framework ASP.NET Hash Collision Web Form Post Parsing Remote DoS
78056 Microsoft .NET Framework Forms Authentication Sliding Expiry Cached Content P...
78055 Microsoft .NET Framework ASP.NET Username Parsing Authentication Bypass
78054 Microsoft .NET Framework Forms Authentication Return URL Handling Arbitrary S...
77908 Microsoft Windows win32k.sys Safari IFRAME Height Attribute Handling Remote M...
77667 Microsoft Windows Active Directory Query Parsing Remote Overflow
77666 Microsoft Windows Kernel Exception Handler Local Privilege Escalation
77665 Microsoft Time ActiveX (DATIME.DLL) Unspecified IE Web Page Handling Remote C...
77663 Microsoft Windows Object Linking and Embedding (OLE) Object File Handling Rem...
77662 Microsoft Windows CSRSS Device Event Message Parsing Local Privilege Escalation
77660 Microsoft Windows Media Player / Center DVR-MS File Handling Remote Memory Co...
76902 Microsoft Windows Active Directory LDAPS CRL Handling Weakness Authentication...
76843 Microsoft Windows Win32k TrueType Font Handling Privilege Escalation
76232 Microsoft Windows Ancillary Function Driver afd.sys Local Privilege Escalation
76231 Microsoft Windows Active Accessibility Path Subversion Arbitrary DLL Injectio...
76221 Microsoft Windows win32k.sys Driver Use-after-free Driver Object Handling Arb...
76220 Microsoft Windows win32k.sys Driver .fon Font File Handling Overflow
76218 Microsoft Windows win32k.sys Driver NULL Dereference Unspecified Arbitrary Co...
75382 Microsoft Windows Shell Extensions Path Subversion Arbitrary DLL Injection Co...

ExploitDB Exploits

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
34131 Microsoft XP SP3 - BthPan.sys Arbitrary Write Privilege Escalation
34112 Microsoft XP SP3 MQAC.sys - Arbitrary Write Privilege Escalation
33213 Windows NTUserMessageCall Win32k Kernel Pool Overflow (Schlamperei)
30397 Windows Kernel win32k.sys - Integer Overflow (MS13-101)
30392 Microsoft Windows ndproxy.sys - Local Privilege Escalation
30014 Windows NDPROXY Local SYSTEM Privilege Escalation
29813 Microsoft Windows Vista ARP Table Entries Denial of Service Vulnerability
27050 DirectShow Arbitrary Memory Overwrite Vulnerability (MS13-056)
26554 Windows EPATHOBJ::pprFlattenRec Local Privilege Escalation
25389 Multiple Vendor ICMP Message Handling DoS
25388 Multiple Vendor ICMP Implementation Malformed Path MTU DoS
25387 Multiple Vendor ICMP Implementation Spoofed Source Quench Packet DoS
21746 MS Windows 2000/NT 4/XP Network Share Provider SMB Request Buffer Overflow (1)
19037 MS12-005 Microsoft Office ClickOnce Unsafe Object Package Handling Vulnerability
19002 Microsoft Windows OLE Object File Handling Remote Code Execution
18426 MS12-004 midiOutPlayNextPolyEvent Heap Overflow
18372 Microsoft Windows Assembly Execution Vulnerability MS12-005
18176 MS11-080 Afd.sys Privilege Escalation Exploit
18024 MS11-077 Win32k Null Pointer De-reference Vulnerability POC
17978 MS11-077 .fon Kernel-Mode Buffer Overrun PoC
17659 MS10-026 Microsoft MPEG Layer-3 Audio Stack Based Overflow
17544 GDI+ CreateDashedPath Integer overflow in gdiplus.dll
16590 Internet Explorer DHTML Behaviors Use After Free
16262 MS11-011(CVE-2011-0045): MS Windows XP WmiTraceMessageVa Integer Truncation V...
15985 MS10-073: Win32k Keyboard Layout Vulnerability

OpenVAS Exploits

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2013-07-09 Name : Microsoft Remote Desktop Protocol Remote Code Execution Vulnerabilities (2671...
File : nvt/secpod_ms12-020_remote.nasl
2012-12-18 Name : Fedora Update for xen FEDORA-2012-19828
File : nvt/gb_fedora_2012_19828_xen_fc16.nasl
2012-12-14 Name : Fedora Update for xen FEDORA-2012-19717
File : nvt/gb_fedora_2012_19717_xen_fc17.nasl
2012-12-13 Name : SuSE Update for xen openSUSE-SU-2012:0886-1 (xen)
File : nvt/gb_suse_2012_0886_1.nasl
2012-12-12 Name : Microsoft Windows Kernel-Mode Drivers Remote Code Execution Vulnerabilities (...
File : nvt/secpod_ms12-078.nasl
2012-12-12 Name : Microsoft Windows File Handling Component Remote Code Execution Vulnerability...
File : nvt/secpod_ms12-081.nasl
2012-11-23 Name : Fedora Update for xen FEDORA-2012-18242
File : nvt/gb_fedora_2012_18242_xen_fc17.nasl
2012-11-23 Name : Fedora Update for xen FEDORA-2012-18249
File : nvt/gb_fedora_2012_18249_xen_fc16.nasl
2012-11-15 Name : Fedora Update for xen FEDORA-2012-17204
File : nvt/gb_fedora_2012_17204_xen_fc17.nasl
2012-11-15 Name : Fedora Update for xen FEDORA-2012-17408
File : nvt/gb_fedora_2012_17408_xen_fc16.nasl
2012-11-14 Name : Microsoft Windows Shell Remote Code Execution Vulnerabilities (2727528)
File : nvt/secpod_ms12-072.nasl
2012-11-14 Name : Microsoft Windows Kernel-Mode Drivers Remote Code Execution Vulnerabilities (...
File : nvt/secpod_ms12-075.nasl
2012-10-10 Name : Microsoft Windows Kernel Privilege Elevation Vulnerability (2724197)
File : nvt/secpod_ms12-068.nasl
2012-09-28 Name : Google Chrome Windows Kernel Memory Corruption Vulnerability
File : nvt/gb_google_chrome_mem_crptn_vuln_win.nasl
2012-09-22 Name : Fedora Update for xen FEDORA-2012-13434
File : nvt/gb_fedora_2012_13434_xen_fc17.nasl
2012-09-22 Name : Fedora Update for xen FEDORA-2012-13443
File : nvt/gb_fedora_2012_13443_xen_fc16.nasl
2012-08-30 Name : Fedora Update for xen FEDORA-2012-11182
File : nvt/gb_fedora_2012_11182_xen_fc17.nasl
2012-08-30 Name : Fedora Update for xen FEDORA-2012-11755
File : nvt/gb_fedora_2012_11755_xen_fc17.nasl
2012-08-30 Name : Fedora Update for xen FEDORA-2012-9386
File : nvt/gb_fedora_2012_9386_xen_fc17.nasl
2012-08-24 Name : Fedora Update for xen FEDORA-2012-11785
File : nvt/gb_fedora_2012_11785_xen_fc16.nasl
2012-08-15 Name : Microsoft Remote Desktop Protocol Remote Code Execution Vulnerability (2723135)
File : nvt/secpod_ms12-053.nasl
2012-08-15 Name : Microsoft Windows Networking Components Remote Code Execution Vulnerabilities...
File : nvt/secpod_ms12-054.nasl
2012-08-15 Name : Microsoft Windows Kernel-Mode Drivers Privilege Elevation Vulnerability (2731...
File : nvt/secpod_ms12-055.nasl
2012-08-10 Name : Debian Security Advisory DSA 2501-1 (xen)
File : nvt/deb_2501_1.nasl
2012-08-10 Name : Debian Security Advisory DSA 2508-1 (kfreebsd-8)
File : nvt/deb_2508_1.nasl

Information Assurance Vulnerability Management (IAVM)

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2014-A-0150 Microsoft Message Queuing Service Privilege Escalation Vulnerability
Severity: Category II - VMSKEY: V0055433
2014-B-0040 Microsoft Windows Remote Code Execution Vulnerability
Severity: Category II - VMSKEY: V0048685
2014-B-0028 Microsoft Security Account Manager Remote (SAMR) Security Bypass Vulnerability
Severity: Category II - VMSKEY: V0046171
2014-A-0038 Microsoft DirectShow Remote Code Execution Vulnerability
Severity: Category II - VMSKEY: V0046179
2014-A-0041 Multiple Vulnerabilities in Microsoft Windows Kernel-Mode Driver
Severity: Category I - VMSKEY: V0046299
2014-B-0015 Microsoft XML Core Information Disclosure Vulnerability
Severity: Category I - VMSKEY: V0044037
2014-A-0004 Microsoft Windows Kernel Privilege Escalation Vulnerability
Severity: Category II - VMSKEY: V0043405
2013-A-0228 Microsoft Windows Remote Code Execution Vulnerability
Severity: Category II - VMSKEY: V0042580
2013-A-0232 Multiple Vulnerabilities in Microsoft Windows Kernel-Mode Drivers
Severity: Category I - VMSKEY: V0042582
2013-A-0226 Microsoft LRPC Client Privilege Escalation Vulnerability
Severity: Category II - VMSKEY: V0042591
2013-A-0213 Cumulative Security Update of Microsoft ActiveX Kill Bits
Severity: Category II - VMSKEY: V0042293
2013-A-0214 Microsoft GDI Memory Corruption Vulnerability
Severity: Category II - VMSKEY: V0042294
2013-B-0127 Microsoft Windows Ancillary Function Driver Information Disclosure Vulnerability
Severity: Category II - VMSKEY: V0042302
2013-B-0128 MIcrosoft Windows Digital Signature Denial of Service Vulnerability
Severity: Category I - VMSKEY: V0042304
2013-A-0187 Multiple Vulnerabilities in Microsoft .NET Framework
Severity: Category I - VMSKEY: V0040753
2013-A-0189 Microsoft Windows Common Control Library Remote Code Execution Vulnerability
Severity: Category II - VMSKEY: V0040760
2013-A-0190 Multiple Vulnerabilities in Microsoft Windows Kernel-Mode Drivers
Severity: Category I - VMSKEY: V0040763
2013-A-0176 Microsoft Windows Object Linking and Embedding (OLE) Remote Code Execution Vu...
Severity: Category II - VMSKEY: V0040290
2013-B-0104 Microsoft Windows Theme File Remote Code Execution Vulnerability
Severity: Category II - VMSKEY: V0040299
2013-A-0163 Microsoft Windows Remote Procedure Call (RPC) Elevation of Privilege Vulnerab...
Severity: Category I - VMSKEY: V0040034
2013-A-0164 Microsoft Windows Unicode Scripts Processor Remote Code Execution Vulnerability
Severity: Category II - VMSKEY: V0040037
2013-B-0088 Multiple Privilege Escalation Vulnerabilities in Microsoft Windows Kernel
Severity: Category I - VMSKEY: V0040045
2013-A-0135 Microsoft GDI+ Remote Code Execution Vulnerability
Severity: Category II - VMSKEY: V0039199
2013-A-0134 Microsoft DirectShow Remote Code Execution Vulnerability
Severity: Category II - VMSKEY: V0039200
2013-B-0071 Multiple Vulnerabilities in Microsoft .NET Framework and Silverlight
Severity: Category II - VMSKEY: V0039211

Snort® IPS/IDS

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2014-01-10 SMB tapisrv ClientRequest andx object call LSetAppPriority overflow attempt
RuleID : 9999 - Type : NETBIOS - Revision : 5
2014-01-10 SMB-DS tapisrv ClientRequest little endian andx object call LSetAppPriority o...
RuleID : 9998 - Type : NETBIOS - Revision : 5
2014-01-10 SMB-DS tapisrv ClientRequest WriteAndX unicode little endian andx object call...
RuleID : 9997 - Type : NETBIOS - Revision : 5
2014-01-10 SMB-DS tapisrv ClientRequest WriteAndX unicode andx object call LSetAppPriori...
RuleID : 9996 - Type : NETBIOS - Revision : 5
2014-01-10 SMB-DS tapisrv ClientRequest WriteAndX little endian andx object call LSetApp...
RuleID : 9995 - Type : NETBIOS - Revision : 5
2014-01-10 SMB-DS tapisrv ClientRequest andx object call LSetAppPriority overflow attempt
RuleID : 9994 - Type : NETBIOS - Revision : 5
2014-01-10 SMB-DS tapisrv ClientRequest unicode little endian andx LSetAppPriority overf...
RuleID : 9993 - Type : NETBIOS - Revision : 5
2014-01-10 SMB tapisrv ClientRequest WriteAndX unicode little endian andx LSetAppPriorit...
RuleID : 9992 - Type : NETBIOS - Revision : 5
2014-01-10 SMB tapisrv ClientRequest unicode little endian andx LSetAppPriority overflow...
RuleID : 9991 - Type : NETBIOS - Revision : 5
2014-01-10 SMB tapisrv ClientRequest WriteAndX little endian andx LSetAppPriority overfl...
RuleID : 9990 - Type : NETBIOS - Revision : 5
2014-01-10 SMB tapisrv ClientRequest little endian andx LSetAppPriority overflow attempt
RuleID : 9989 - Type : NETBIOS - Revision : 5
2014-01-10 SMB-DS tapisrv ClientRequest WriteAndX andx LSetAppPriority overflow attempt
RuleID : 9988 - Type : NETBIOS - Revision : 5
2014-01-10 SMB-DS tapisrv ClientRequest unicode andx LSetAppPriority overflow attempt
RuleID : 9987 - Type : NETBIOS - Revision : 4
2014-01-10 SMB tapisrv ClientRequest unicode andx LSetAppPriority overflow attempt
RuleID : 9986 - Type : NETBIOS - Revision : 5
2014-01-10 SMB tapisrv ClientRequest WriteAndX andx LSetAppPriority overflow attempt
RuleID : 9985 - Type : NETBIOS - Revision : 5
2014-01-10 SMB tapisrv ClientRequest WriteAndX unicode andx LSetAppPriority overflow att...
RuleID : 9984 - Type : NETBIOS - Revision : 5
2014-01-10 SMB tapisrv ClientRequest andx LSetAppPriority overflow attempt
RuleID : 9983 - Type : NETBIOS - Revision : 5
2014-01-10 SMB-DS tapisrv ClientRequest little endian andx LSetAppPriority overflow attempt
RuleID : 9982 - Type : NETBIOS - Revision : 4
2014-01-10 SMB-DS tapisrv ClientRequest WriteAndX unicode little endian andx LSetAppPrio...
RuleID : 9981 - Type : NETBIOS - Revision : 5
2014-01-10 SMB-DS tapisrv ClientRequest WriteAndX unicode andx LSetAppPriority overflow ...
RuleID : 9980 - Type : NETBIOS - Revision : 5
2014-01-10 SMB-DS tapisrv ClientRequest WriteAndX little endian andx LSetAppPriority ove...
RuleID : 9979 - Type : NETBIOS - Revision : 5
2014-01-10 SMB v4 tapisrv ClientRequest unicode little endian andx LSetAppPriority overf...
RuleID : 9978 - Type : NETBIOS - Revision : 5
2014-01-10 SMB v4 tapisrv ClientRequest little endian andx LSetAppPriority overflow attempt
RuleID : 9977 - Type : NETBIOS - Revision : 5
2014-01-10 SMB-DS tapisrv ClientRequest andx LSetAppPriority overflow attempt
RuleID : 9976 - Type : NETBIOS - Revision : 5
2014-01-10 SMB-DS v4 tapisrv ClientRequest WriteAndX andx LSetAppPriority overflow attempt
RuleID : 9975 - Type : NETBIOS - Revision : 5

Nessus® Vulnerability Scanner

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2018-04-03 Name: The remote mail server may be affected by multiple vulnerabilities.
File: exchange_ms10-024.nasl - Type: ACT_GATHER_INFO
2018-04-03 Name: The remote web server may allow remote code execution.
File: iis_7_pci.nasl - Type: ACT_GATHER_INFO
2017-06-14 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_jun_windows8.nasl - Type: ACT_GATHER_INFO
2017-06-14 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_june_xp_2003.nasl - Type: ACT_GATHER_INFO
2017-05-08 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL23440942.nasl - Type: ACT_GATHER_INFO
2015-09-18 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL4583.nasl - Type: ACT_GATHER_INFO
2014-11-26 Name: The remote OracleVM host is missing one or more security updates.
File: oraclevm_OVMSA-2012-0020.nasl - Type: ACT_GATHER_INFO
2014-11-26 Name: The remote OracleVM host is missing one or more security updates.
File: oraclevm_OVMSA-2012-0021.nasl - Type: ACT_GATHER_INFO
2014-11-26 Name: The remote OracleVM host is missing one or more security updates.
File: oraclevm_OVMSA-2012-0022.nasl - Type: ACT_GATHER_INFO
2014-10-15 Name: The remote Windows host is affected by a privilege escalation vulnerability.
File: smb_nt_ms14-062.nasl - Type: ACT_GATHER_INFO
2014-10-10 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL10509.nasl - Type: ACT_GATHER_INFO
2014-07-26 Name: The remote Solaris system is missing a security patch from CPU oct2012.
File: solaris_oct2012_SRU10_5.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2012-403.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2012-404.nasl - Type: ACT_GATHER_INFO
2014-04-08 Name: The remote Windows host is potentially affected by a remote code execution vu...
File: smb_nt_ms14-019.nasl - Type: ACT_GATHER_INFO
2014-03-11 Name: The remote Windows host is potentially affected by a remote code execution vu...
File: smb_nt_ms14-013.nasl - Type: ACT_GATHER_INFO
2014-03-11 Name: The Windows kernel drivers on the remote host are affected by multiple vulner...
File: smb_nt_ms14-015.nasl - Type: ACT_GATHER_INFO
2014-03-11 Name: The remote Windows host is affected by a security feature bypass vulnerability.
File: smb_nt_ms14-016.nasl - Type: ACT_GATHER_INFO
2014-03-10 Name: Arbitrary code can be executed on the remote host through the Microsoft GDI r...
File: smb_kb957488.nasl - Type: ACT_GATHER_INFO
2014-03-05 Name: The DNS server running on the remote host is vulnerable to DNS spoofing attacks.
File: ms_dns_kb951746.nasl - Type: ACT_GATHER_INFO
2014-02-12 Name: The remote host is affected by an information disclosure vulnerability.
File: smb_nt_ms14-005.nasl - Type: ACT_GATHER_INFO
2014-01-14 Name: The Windows kernel on the remote host is affected by a privilege escalation v...
File: smb_nt_ms14-002.nasl - Type: ACT_GATHER_INFO
2013-12-11 Name: The remote host is affected by a remote code execution vulnerability.
File: smb_nt_ms13-099.nasl - Type: ACT_GATHER_INFO
2013-12-11 Name: The Windows kernel drivers on the remote host are affected by multiple vulner...
File: smb_nt_ms13-101.nasl - Type: ACT_GATHER_INFO
2013-12-11 Name: A client on the host is vulnerable to a privilege escalation vulnerability.
File: smb_nt_ms13-102.nasl - Type: ACT_GATHER_INFO