| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2013-2558 |
|
|
DoS |
2013-03-12 |
2013-03-16 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in Microsoft Windows 8 allows remote attackers to cause a denial of service (reboot) or possibly have unknown other impact via a crafted TrueType Font (TTF) file, as demonstrated by the 120612-69701-01.dmp error report. |
|
2 |
CVE-2013-2557 |
119 |
|
DoS Overflow Mem. Corr. |
2013-03-11 |
2013-03-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The sandbox protection mechanism in Microsoft Internet Explorer 9 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, as demonstrated against Adobe Flash Player by VUPEN during a Pwn2Own competition at CanSecWest 2013. |
|
3 |
CVE-2013-1346 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2013-05-15 |
2013-05-15 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
mpengine.dll in Microsoft Malware Protection Engine before 1.1.9506.0 on x64 platforms allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file. |
|
4 |
CVE-2013-1305 |
119 |
|
DoS Overflow |
2013-05-14 |
2013-05-15 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
HTTP.sys in Microsoft Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP header, aka "HTTP.sys Denial of Service Vulnerability." |
|
5 |
CVE-2013-1293 |
|
|
DoS +Priv |
2013-04-09 |
2013-04-10 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The NTFS kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a crafted application that leverages improper handling of objects in memory, aka "NTFS NULL Pointer Dereference Vulnerability." |
|
6 |
CVE-2013-1291 |
20 |
|
DoS |
2013-04-09 |
2013-04-10 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 Gold and SP1, and Windows 8 allows local users to cause a denial of service (reboot) via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability" or "Win32k Font Parsing Vulnerability." |
|
7 |
CVE-2013-1282 |
20 |
|
DoS |
2013-04-09 |
2013-04-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The LDAP service in Microsoft Active Directory, Active Directory Application Mode (ADAM), Active Directory Lightweight Directory Service (AD LDS), and Active Directory Services allows remote attackers to cause a denial of service (memory consumption and service outage) via a crafted query, aka "Memory Consumption Vulnerability." |
|
8 |
CVE-2013-1281 |
399 |
|
DoS |
2013-02-13 |
2013-02-13 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
The NFS server in Microsoft Windows Server 2008 R2 and R2 SP1 and Server 2012 allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via an attempted renaming of a file or folder located on a read-only share, aka "NULL Dereference Vulnerability." |
|
9 |
CVE-2013-0992 |
399 |
|
DoS Exec Code Mem. Corr. |
2013-05-20 |
2013-05-20 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. |
|
10 |
CVE-2013-0894 |
119 |
|
DoS Overflow |
2013-02-23 |
2013-04-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in the vorbis_parse_setup_hdr_floors function in the Vorbis decoder in vorbisdec.c in libavcodec in FFmpeg through 1.1.3, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other products, allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds array access) or possibly have unspecified other impact via vectors involving a zero value for a bark map size. |
|
11 |
CVE-2013-0890 |
119 |
|
DoS Overflow Mem. Corr. |
2013-02-23 |
2013-04-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple unspecified vulnerabilities in the IPC layer in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allow remote attackers to cause a denial of service (memory corruption) or possibly have other impact via unknown vectors. |
|
12 |
CVE-2013-0880 |
399 |
|
DoS |
2013-02-23 |
2013-04-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Use-after-free vulnerability in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to databases. |
|
13 |
CVE-2013-0085 |
119 |
|
DoS Overflow |
2013-03-12 |
2013-05-03 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Buffer overflow in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to cause a denial of service (W3WP process crash and site outage) via a crafted URL, aka "Buffer Overflow Vulnerability." |
|
14 |
CVE-2013-0075 |
|
|
DoS |
2013-02-13 |
2013-02-13 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
The TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (reboot) via a crafted packet that terminates a TCP connection, aka "TCP FIN WAIT Vulnerability." |
|
15 |
CVE-2013-0011 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2013-01-09 |
2013-02-25 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The Print Spooler in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted print job, aka "Windows Print Spooler Components Vulnerability." |
|
16 |
CVE-2013-0005 |
20 |
|
DoS |
2013-01-09 |
2013-02-25 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service (resource consumption and daemon restart) via crafted values in HTTP requests, aka "Replace Denial of Service Vulnerability." |
|
17 |
CVE-2012-5672 |
|
|
DoS |
2012-10-25 |
2012-11-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Microsoft Excel Viewer (aka Xlview.exe) and Excel in Microsoft Office 2007 (aka Office 12) allow remote attackers to cause a denial of service (read access violation and application crash) via a crafted spreadsheet file, as demonstrated by a .xls file with battery voltage data. |
|
18 |
CVE-2012-4791 |
94 |
|
DoS |
2012-12-11 |
2013-02-25 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
None |
Partial |
|
Microsoft Exchange Server 2007 SP3 and 2010 SP1 and SP2 allows remote authenticated users to cause a denial of service (Information Store service hang) by subscribing to a crafted RSS feed, aka "RSS Feed May Cause Exchange DoS Vulnerability." |
|
19 |
CVE-2012-2857 |
399 |
|
DoS |
2012-08-06 |
2013-03-15 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Use-after-free vulnerability in the Cascading Style Sheets (CSS) DOM implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document. |
|
20 |
CVE-2012-2551 |
|
|
DoS |
2012-10-09 |
2013-03-01 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The server in Kerberos in Microsoft Windows Server 2008 R2 and R2 SP1, and Windows 7 Gold and SP1, allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a crafted session request, aka "Kerberos NULL Dereference Vulnerability." |
|
21 |
CVE-2012-2550 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2012-10-09 |
2013-03-01 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Microsoft Works 9 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted Word .doc file, aka "Works Heap Vulnerability." |
|
22 |
CVE-2012-2539 |
399 |
|
DoS Exec Code Mem. Corr. |
2012-12-11 |
2013-02-25 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; and Office Web Apps 2010 SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka "Word RTF 'listoverridecount' Remote Code Execution Vulnerability." |
|
23 |
CVE-2012-2524 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2012-08-14 |
2013-01-29 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Microsoft Office 2007 SP2 and SP3 and 2010 SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Computer Graphics Metafile (CGM) file, aka "CGM File Format Memory Corruption Vulnerability." |
|
24 |
CVE-2012-1889 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2012-06-13 |
2013-03-06 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. |
|
25 |
CVE-2012-1886 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2012-11-13 |
2013-03-05 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Excel Viewer; and Office Compatibility Pack SP2 and SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Memory Corruption Vulnerability." |
|
26 |
CVE-2012-1860 |
264 |
|
DoS +Info |
2012-07-10 |
2012-08-13 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
None |
Partial |
|
Microsoft Office SharePoint Server 2007 SP2 and SP3, SharePoint Server 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 do not properly check permissions for search scopes, which allows remote authenticated users to obtain sensitive information or cause a denial of service (data modification) by changing a parameter in a search-scope URL, aka "SharePoint Search Scope Vulnerability." |
|
27 |
CVE-2012-1850 |
20 |
|
DoS |
2012-08-14 |
2013-01-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle RAP responses, which allows remote attackers to cause a denial of service (service hang) via crafted RAP packets, aka "Remote Administration Protocol Denial of Service Vulnerability." |
|
28 |
CVE-2012-1545 |
119 |
|
DoS Overflow Mem. Corr. Bypass |
2012-03-09 |
2012-03-12 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to bypass Protected Mode or cause a denial of service (memory corruption) by leveraging access to a Low integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012. |
|
29 |
CVE-2012-0183 |
|
|
DoS Exec Code Mem. Corr. |
2012-05-08 |
2013-01-29 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Microsoft Word 2003 SP3 and 2007 SP2 and SP3, Office 2008 and 2011 for Mac, and Office Compatibility Pack SP2 and SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka "RTF Mismatch Vulnerability." |
|
30 |
CVE-2012-0164 |
|
|
DoS |
2012-05-08 |
2012-08-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Microsoft .NET Framework 4 does not properly compare index values, which allows remote attackers to cause a denial of service (application hang) via crafted requests to a Windows Presentation Foundation (WPF) application, aka ".NET Framework Index Comparison Vulnerability." |
|
31 |
CVE-2012-0156 |
20 |
|
DoS |
2012-03-13 |
2012-08-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
DirectWrite in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly render Unicode characters, which allows remote attackers to cause a denial of service (application hang) via a (1) instant message or (2) web site, aka "DirectWrite Application Denial of Service Vulnerability." |
|
32 |
CVE-2012-0152 |
20 |
|
DoS |
2012-03-13 |
2013-03-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The Remote Desktop Protocol (RDP) service in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (application hang) via a series of crafted packets, aka "Terminal Server Denial of Service Vulnerability." |
|
33 |
CVE-2012-0006 |
399 |
|
DoS |
2012-03-13 |
2013-03-06 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The DNS server in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 does not properly handle objects in memory during record lookup, which allows remote attackers to cause a denial of service (daemon restart) via a crafted query, aka "DNS Denial of Service Vulnerability." |
|
34 |
CVE-2011-5046 |
20 |
1
|
DoS Exec Code Mem. Corr. |
2011-12-30 |
2012-11-06 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The Graphics Device Interface (GDI) in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted data, as demonstrated by a large height attribute of an IFRAME element rendered by Safari, aka "GDI Access Violation Vulnerability." |
|
35 |
CVE-2011-3414 |
399 |
|
DoS |
2011-12-29 |
2013-01-29 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The CaseInsensitiveHashProvider.getHashCode function in the HashTable implementation in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka "Collisions in HashTable May Cause DoS Vulnerability." |
|
36 |
CVE-2011-3413 |
94 |
|
DoS Exec Code Mem. Corr. |
2011-12-13 |
2013-01-29 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Microsoft PowerPoint 2007 SP2; Office 2008 for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and PowerPoint Viewer 2007 SP2 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an invalid OfficeArt record in a PowerPoint document, aka "OfficeArt Shape RCE Vulnerability." |
|
37 |
CVE-2011-2600 |
264 |
|
DoS |
2011-06-30 |
2011-07-12 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
The GPU support functionality in Windows XP does not properly restrict rendering time, which allows remote attackers to cause a denial of service (system crash) via vectors involving WebGL and (1) shader programs or (2) complex 3D geometry, as demonstrated by using Mozilla Firefox or Google Chrome to visit the lots-of-polys-example.html test page in the Khronos WebGL SDK. |
|
38 |
CVE-2011-2012 |
20 |
|
DoS |
2011-10-11 |
2012-01-26 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 does not properly validate session cookies, which allows remote attackers to cause a denial of service (IIS outage) via unspecified network traffic, aka "Null Session Cookie Crash." |
|
39 |
CVE-2011-2008 |
20 |
|
DoS |
2011-10-11 |
2012-01-26 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service outage) via crafted TCP or UDP traffic, aka "Access of Unallocated Memory DoS Vulnerability." |
|
40 |
CVE-2011-2007 |
20 |
|
DoS |
2011-10-11 |
2012-01-26 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service outage) via crafted TCP or UDP traffic, aka "Endless Loop DoS in snabase.exe Vulnerability." |
|
41 |
CVE-2011-2004 |
20 |
|
DoS |
2011-11-08 |
2012-01-26 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
Array index error in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (reboot) via a crafted TrueType font file, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE-2011-3402. |
|
42 |
CVE-2011-2002 |
20 |
|
DoS |
2011-10-11 |
2012-01-26 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
|
win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle TrueType fonts, which allows local users to cause a denial of service (system hang) via a crafted font file, aka "Win32k TrueType Font Type Translation Vulnerability." |
|
43 |
CVE-2011-1985 |
|
|
DoS +Priv |
2011-10-11 |
2012-01-26 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a crafted application, aka "Win32k Null Pointer De-reference Vulnerability." |
|
44 |
CVE-2011-1971 |
399 |
|
DoS |
2011-08-10 |
2011-09-21 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
|
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly parse file metadata, which allows local users to cause a denial of service (reboot) via a crafted file, aka "Windows Kernel Metadata Parsing DOS Vulnerability." |
|
45 |
CVE-2011-1970 |
119 |
|
DoS Overflow Mem. Corr. |
2011-08-10 |
2011-10-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The DNS server in Microsoft Windows Server 2003 SP2 and Windows Server 2008 SP2, R2, and R2 SP1 does not properly initialize memory, which allows remote attackers to cause a denial of service (service outage) via a query for a nonexistent domain, aka "DNS Uninitialized Memory Corruption Vulnerability." |
|
46 |
CVE-2011-1968 |
399 |
|
DoS |
2011-08-10 |
2011-10-04 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly process packets in memory, which allows remote attackers to cause a denial of service (reboot) by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, as exploited in the wild in 2011, aka "Remote Desktop Protocol Vulnerability." |
|
47 |
CVE-2011-1965 |
399 |
|
DoS |
2011-08-10 |
2012-02-13 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
Tcpip.sys in the TCP/IP stack in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 does not properly implement URL-based QoS, which allows remote attackers to cause a denial of service (reboot) via a crafted URL to a web server, aka "TCP/IP QOS Denial of Service Vulnerability." |
|
48 |
CVE-2011-1872 |
399 |
|
DoS |
2011-06-16 |
2011-09-06 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
|
Hyper-V in Microsoft Windows Server 2008 Gold, SP2, R2, and R2 SP1 allows guest OS users to cause a denial of service (host OS infinite loop) via malformed machine instructions in a VMBus packet, aka "VMBus Persistent DoS Vulnerability." |
|
49 |
CVE-2011-1871 |
399 |
|
DoS |
2011-08-10 |
2011-10-04 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Tcpip.sys in the TCP/IP stack in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (reboot) via a series of crafted ICMP messages, aka "ICMP Denial of Service Vulnerability." |
|
50 |
CVE-2011-1870 |
189 |
|
DoS Overflow +Priv Mem. Corr. |
2011-07-13 |
2011-10-04 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvWriteConsoleOutputString Vulnerability." |
