| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft Windows NT 4.0; 2000 SP4; XP SP2; Server 2003, 2003 SP1, and 2003 SP2; and Windows Vista before June 2006; uses insecure permissions (PAGE_READWRITE) for a physical memory view, which allows local users to gain privileges by modifying the "zero page" during a race condition before the view is unmapped. |
| Array index vulnerability in the Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote authenticated users to execute arbitrary code via a crafted event subscription request that is used to access an array of function pointers. |
| Stack-based buffer overflow in the RPC interface in the Domain Name System (DNS) Server Service in Microsoft Windows 2000 Server SP 4, Server 2003 SP 1, and Server 2003 SP 2 allows remote attackers to execute arbitrary code via a long zone name containing character constants represented by escape sequences. |
| Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038; if so, then use CVE-2007-0038 instead of this identifier. |
| Unspecified vulnerability in Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code via a crafted Cascading Style Sheets (CSS) tag that triggers memory corruption. |
| The WINS service on Microsoft Windows 2000 SP4, and Server 2003 SP1 and SP2, does not properly validate data structures in WINS network packets, which allows local users to gain privileges via a crafted packet, aka "Memory Overwrite Vulnerability." |
| Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to access an uninitialized or deleted object, related to prototype variables and table cells, aka "Uninitialized Memory Corruption Vulnerability." |
| Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows context-dependent attackers to cause a denial of service or execute arbitrary code via a WMF file with a malformed file-size parameter, which would not be properly handled by a third-party application that uses this API for a copy operation, aka "GDI Heap Overflow Vulnerability." |
| Heap-based buffer overflow in Microsoft Windows allows user-assisted remote attackers to have an unknown impact via a crafted .HLP file. |
| Stack-based buffer overflow in the WMEncProfileManager ActiveX control in wmex.dll in Microsoft Windows Media Encoder 9 Series allows remote attackers to execute arbitrary code via a long first argument to the GetDetailsString method, aka "Windows Media Encoder Buffer Overrun Vulnerability." |
| win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not correctly parse font code during construction of a directory-entry table, which allows remote attackers to execute arbitrary code via a crafted Embedded OpenType (EOT) font, aka "Win32k EOT Parsing Vulnerability." |
| The Windows Print Spooler in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows remote authenticated users to gain privileges via a crafted RPC message that triggers loading of a DLL file from an arbitrary directory, aka "Print Spooler Load Library Vulnerability." |
| Unspecified vulnerability in Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows local users to gain privileges via a crafted local procedure call (LPC) request. |
| Heap-based buffer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted WINS replication packet that triggers an incorrect buffer-length calculation, aka "WINS Heap Overflow Vulnerability." |
| Use-after-free vulnerability in Microsoft Internet Explorer 6 SP1, 6 SP2, and and 7 allows remote attackers to execute arbitrary code by assigning malformed values to certain properties, as demonstrated using the by property of an animateMotion SVG element, aka "Property Memory Corruption Vulnerability." |
| Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the "VML Buffer Overrun Vulnerability." |
| The default configuration of Microsoft Windows uses the Web Proxy Autodiscovery Protocol (WPAD) without static WPAD entries, which might allow remote attackers to intercept web traffic by registering a proxy server using WINS or DNS, then responding to WPAD requests, as demonstrated using Internet Explorer. NOTE: it could be argued that if an attacker already has control over WINS/DNS, then web traffic could already be intercepted by modifying WINS or DNS records, so this would not cross privilege boundaries and would not be a vulnerability. It has also been reported that DHCP is an alternate attack vector. |
| Multiple unspecified vulnerabilities in HP Select Identity 4.00, 4.01, 4.11, 4.12, 4.13, and 4.20 allow remote authenticated users to access other user accounts via unknown vectors, a different issue than CVE-2008-0214. |
| Unspecified vulnerability in Microsoft Agent (msagent\agentsvr.exe) in Windows 2000 SP4, XP SP2, and Server 2003, 2003 SP1, and 2003 SP2 allows remote attackers to execute arbitrary code via crafted URLs, which result in memory corruption. |
| Unspecified kernel GDI functions in Microsoft Windows 2000 SP4; XP SP2; and Server 2003 Gold, SP1, and SP2 allows user-assisted remote attackers to cause a denial of service (possibly persistent restart) via a crafted Windows Metafile (WMF) image that causes an invalid dereference of an offset in a kernel structure, a related issue to CVE-2005-4560. |
