CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Microsoft » Windows Xp : Security Vulnerabilities (CVSS score between 5 and 5.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2014-0317 264 Bypass 2014-03-12 2014-03-12
5.4
None Remote High Not required None Complete None
The Security Account Manager Remote (SAMR) protocol implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2 does not properly determine the user-lockout state, which makes it easier for remote attackers to bypass the account lockout policy and obtain access via a brute-force attack, aka "SAMR Security Feature Bypass Vulnerability."
2 CVE-2013-3869 20 DoS 2013-11-12 2013-12-19
5.0
None Remote Low Not required None None Partial
Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to cause a denial of service (daemon hang) via a web-service request containing a crafted X.509 certificate that is not properly handled during validation, aka "Digital Signatures Vulnerability."
3 CVE-2012-1850 20 DoS 2012-08-14 2013-11-02
5.0
None Remote Low Not required None None Partial
The Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle RAP responses, which allows remote attackers to cause a denial of service (service hang) via crafted RAP packets, aka "Remote Administration Protocol Denial of Service Vulnerability."
4 CVE-2010-0025 200 +Info 2010-04-14 2011-07-18
5.0
None Remote Low Not required Partial None None
The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2000 SP3, does not properly allocate memory for SMTP command replies, which allows remote attackers to read fragments of e-mail messages by sending a series of invalid commands and then sending a STARTTLS command, aka "SMTP Memory Allocation Vulnerability."
5 CVE-2010-0024 20 DoS 2010-04-14 2010-08-21
5.0
None Remote Low Not required None None Partial
The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2003 SP2, does not properly parse MX records, which allows remote DNS servers to cause a denial of service (service outage) via a crafted response to a DNS MX record query, aka "SMTP Server MX Record Vulnerability."
6 CVE-2009-2196 2009-08-12 2009-08-18
5.0
None Remote Low Not required None Partial None
Unspecified vulnerability in Apple Safari 4 before 4.0.3 allows remote web servers to place an arbitrary web site in the Top Sites view, and possibly conduct phishing attacks, via unknown vectors.
7 CVE-2009-0089 20 2009-04-15 2010-08-21
5.8
None Remote Medium Not required None Partial Partial
Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Vista Gold allows remote web servers to impersonate arbitrary https web sites by using DNS spoofing to "forward a connection" to a different https web site that has a valid certificate matching its own domain name, but not a certificate matching the domain name of the host requested by the user, aka "Windows HTTP Services Certificate Name Mismatch Vulnerability."
8 CVE-2007-1531 DoS 2007-03-20 2008-11-13
5.0
None Remote Low Not required None None Partial
Microsoft Windows XP and Vista overwrites ARP table entries included in gratuitous ARP, which allows remote attackers to cause a denial of service (loss of network access) by sending a gratuitous ARP for the address of the Vista host.
9 CVE-2006-7210 3 DoS 2007-06-27 2008-09-05
5.0
None Remote Low Not required None None Partial
Microsoft Windows 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (cpu consumption) via a PNG image with crafted (1) Width and (2) Height values in the IHDR block.
10 CVE-2006-6659 DoS 2006-12-19 2008-09-05
5.0
None Remote Low Not required None None Partial
The Microsoft Office Outlook Recipient ActiveX control (ole32.dll) in Windows XP SP2 allows remote attackers to cause a denial of service (Internet Explorer 7 hang) via crafted HTML.
11 CVE-2006-4692 Exec Code 2006-10-10 2008-09-05
5.1
User Remote High Not required Partial Partial Partial
Argument injection vulnerability in the Windows Object Packager (packager.exe) in Microsoft Windows XP SP1 and SP2 and Server 2003 SP1 and earlier allows remote user-assisted attackers to execute arbitrary commands via a crafted file with a "/" (slash) character in the filename of the Command Line property, followed by a valid file extension, which causes the command before the slash to be executed, aka "Object Packager Dialogue Spoofing Vulnerability."
12 CVE-2006-4689 DoS 2006-11-14 2008-09-05
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in the driver for the Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to cause a denial of service (hang and reboot) via has unknown attack vectors, aka "NetWare Driver Denial of Service Vulnerability."
13 CVE-2006-3880 DoS 2006-07-26 2008-09-05
5.0
None Remote Low Not required None None Partial
** DISPUTED ** Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Small Business Server 2003 allow remote attackers to cause a denial of service (IP stack hang) via a continuous stream of packets on TCP port 135 that have incorrect TCP header checksums and random numbers in certain TCP header fields, as demonstrated by the Achilles Windows Attack Tool. NOTE: the researcher reports that the Microsoft Security Response Center has stated "Our investigation which has included code review, review of the TCPDump, and attempts on reproing the issue on multiple fresh installs of various Windows Operating Systems have all resulted in non confirmation."
14 CVE-2006-3351 DoS Exec Code Overflow 2006-07-05 2008-09-05
5.4
None Remote High Not required None None Complete
Buffer overflow in Windows Explorer (explorer.exe) on Windows XP and 2003 allows user-assisted attackers to cause a denial of service (repeated crash) and possibly execute arbitrary code via a .url file with an InternetShortcut tag containing a long URL and a large number of "file:" specifiers.
15 CVE-2006-1591 Exec Code Overflow 2006-04-03 2008-09-05
5.1
User Remote High Not required Partial Partial Partial
Heap-based buffer overflow in Microsoft Windows Help winhlp32.exe allows user-assisted attackers to execute arbitrary code via crafted embedded image data in a .hlp file.
16 CVE-2006-1184 DoS 2006-05-09 2008-09-05
5.0
None Remote Low Not required None None Partial
Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0, 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to cause a denial of service (crash) via a BuildContextW request with a large (1) UuidString or (2) GuidIn of a certain length, which causes an out-of-range memory access, aka the MSDTC Denial of Service Vulnerability. NOTE: this is a variant of CVE-2005-2119.
17 CVE-2006-0012 Exec Code 2006-04-11 2008-09-05
5.1
User Remote High Not required Partial Partial Partial
Unspecified vulnerability in Windows Explorer in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via attack vectors involving COM objects and "crafted files and directories," aka the "Windows Shell Vulnerability."
18 CVE-2005-4717 DoS 2005-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service (client crash) via a certain combination of a malformed HTML file and a CSS file that triggers a null dereference, probably related to rendering of a DIV element that contains a malformed IMG tag, as demonstrated by IEcrash.htm and IEcrash.rar.
19 CVE-2005-2307 DoS 2005-07-19 2008-09-10
5.0
None Remote Low Not required None None Partial
netman.dll in Microsoft Windows Connections Manager Library allows local users to cause a denial of service (Network Connections Service crash) via a large integer argument to a particular function, aka "Network Connection Manager Vulnerability."
20 CVE-2005-2119 2005-10-12 2008-09-10
5.0
None Remote Low Not required None Partial None
The MIDL_user_allocate function in the Microsoft Distributed Transaction Coordinator (MSDTC) proxy (MSDTCPRX.DLL) allocates a 4K page of memory regardless of the required size, which allows attackers to overwrite arbitrary memory locations using an incorrect size value that is provided to the NdrAllocate function, which writes management data to memory outside of the allocated buffer.
21 CVE-2005-2118 Exec Code Overflow 2005-10-21 2008-09-10
5.1
User Remote High Not required Partial Partial Partial
Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote user-assisted attackers to execute arbitrary commands via a crafted shortcut (.lnk) file with long font properties that lead to a buffer overflow when the user views the file's properties using Windows Explorer, a different vulnerability than CVE-2005-2122.
22 CVE-2005-2117 Exec Code 2005-10-21 2008-09-10
5.1
User Remote High Not required Partial Partial Partial
Web View in Windows Explorer on Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 does not properly handle certain HTML characters in preview fields, which allows remote user-assisted attackers to execute arbitrary code.
23 CVE-2005-1980 DoS 2005-10-12 2008-09-10
5.0
None Remote Low Not required None None Partial
Distributed Transaction Controller in Microsoft Windows allows remote servers to cause a denial of service (MSDTC service hang) via a crafted Transaction Internet Protocol (TIP) message that causes DTC to repeatedly connect to a target IP and port number after an error occurs, aka the "Distributed TIP Vulnerability."
24 CVE-2005-1979 DoS 2005-10-12 2008-09-10
5.0
None Remote Low Not required None None Partial
Distributed Transaction Controller in Microsoft Windows allows remote servers to cause a denial of service (MSDTC service exception and exit) via an "unexpected protocol command during the reconnection request," which is not properly handled by the Transaction Internet Protocol (TIP) functionality.
25 CVE-2005-1792 DoS 2005-06-01 2008-09-05
5.0
None Remote Low Not required None None Partial
Memory leak in Windows Management Instrumentation (WMI) service allows attackers to cause a denial of service (memory consumption and crash) by creating security contexts more quickly than they can be cleared from the RPC cache.
26 CVE-2005-1649 DoS 2005-05-18 2008-09-05
5.0
None Remote Low Not required None None Partial
The IpV6 support in Windows XP SP2, 2003 Server SP1, and Longhorn, with Windows Firewall turned off, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the SYN flag set and the same destination and source address and port, a variant of CVE-2005-0688 and a reoccurrence of the "Land" vulnerability (CVE-1999-0016).
27 CVE-2005-1218 DoS 2005-08-10 2008-09-10
5.0
None Remote Low Not required None None Partial
The Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows XP, and Windows Server 2003 allows remote attackers to cause a denial of service (crash) via crafted Remote Desktop Protocol (RDP) requests.
28 CVE-2005-1214 Exec Code 2005-06-14 2008-09-10
5.1
User Remote High Not required Partial Partial Partial
Microsoft Agent allows remote attackers to spoof trusted Internet content and execute arbitrary code by disguising security prompts on a malicious Web page.
29 CVE-2005-1184 DoS 2005-05-02 2008-09-05
5.0
None Remote Low Not required None None Partial
The TCP/IP stack in multiple operating systems allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the correct sequence number but the wrong Acknowledgement number, which generates a large number of "keep alive" packets. NOTE: some followups indicate that this issue could not be replicated.
30 CVE-2005-0954 DoS 2005-05-02 2008-09-05
5.0
None Remote Low Not required None None Partial
Windows Explorer and Internet Explorer in Windows 2000 SP1 allows remote attackers to cause a denial of service (CPU consumption) via a malformed Windows Metafile (WMF) file.
31 CVE-2005-0688 DoS 2005-03-05 2008-09-10
5.0
None Remote Low Not required None None Partial
Windows Server 2003 and XP SP2, with Windows Firewall turned off, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the SYN flag set and the same destination and source address and port, aka a reoccurrence of the "Land" vulnerability (CVE-1999-0016).
32 CVE-2005-0356 DoS 2005-05-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old.
33 CVE-2004-2527 DoS 2004-12-31 2008-09-05
5.4
None Remote High Not required None None Complete
The local and remote desktop login screens in Microsoft Windows XP before SP2 and 2003 allow remote attackers to cause a denial of service (CPU and memory consumption) by repeatedly using the WinKey+"U" key combination, which causes multiple copies of Windows Utility Manager to be loaded more quickly than they can be closed when the copies detect that another instance is running.
34 CVE-2004-2307 DoS 2004-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Microsoft Internet Explorer 6.0.2600 on Windows XP allows remote attackers to cause a denial of service (browser crash) via a shell: URI with double backslashes (\\) in an HTML tag such as IFRAME or A.
35 CVE-2004-1623 DoS 2004-10-22 2008-09-05
5.0
None Remote Low Not required None None Partial
The WAV file property handler in Windows XP SP1 allows remote attackers to cause a denial of service (infinite loop in Explorer) via a WAV file with an invalid file header whose fmt chunk length is set to 0xFFFFFFFF.
36 CVE-2004-1361 Exec Code Overflow 2004-12-23 2008-09-05
5.0
None Remote Low Not required None Partial None
Integer underflow in winhlp32.exe in Windows NT, Windows 2000 through SP4, Windows XP through SP2, and Windows 2003 allows remote attackers to execute arbitrary code via a malformed .hlp file, which leads to a heap-based buffer overflow.
37 CVE-2004-1319 2004-12-15 2008-09-10
5.0
None Remote Low Not required None Partial None
The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by "AbusiveParent" in Internet Explorer 6.0.2900.2180.
38 CVE-2004-1306 Exec Code Overflow 2004-12-31 2008-09-05
5.1
User Remote High Not required Partial Partial Partial
Heap-based buffer overflow in winhlp32.exe in Windows NT, Windows 2000 through SP4, Windows XP through SP2, and Windows 2003 allows remote attackers to execute arbitrary code via a crafted .hlp file.
39 CVE-2004-1305 DoS 2004-12-23 2008-09-10
5.0
None Remote Low Not required None None Partial
The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allow remote attackers to cause a denial of service via (1) the frame number set to zero, which causes an invalid memory address to be used and leads to a kernel crash, or (2) the rate number set to zero, which leads to resource exhaustion and hang.
40 CVE-2004-1049 Exec Code Overflow 2004-12-31 2008-09-10
5.1
User Remote High Not required Partial Partial Partial
Integer overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a .bmp, .cur, .ico or .ani file with a large image size field, which leads to a buffer overflow, aka the "Cursor and Icon Format Handling Vulnerability."
41 CVE-2004-1043 Exec Code 2004-12-31 2008-09-10
5.0
None Remote Low Not required None Partial None
Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to execute arbitrary code by using the "Related Topics" command in the Help ActiveX Control (hhctrl.ocx) to open a Help popup window containing the PCHealth tools.htm file in the local zone and injecting Javascript to be executed, as demonstrated using "writehta.txt" and the ADODB recordset, which saves a .HTA file to the local system, aka the "HTML Help ActiveX control Cross Domain Vulnerability."
42 CVE-2004-0839 2004-08-18 2008-09-10
5.0
None Remote Low Not required None Partial None
Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".
43 CVE-2004-0790 DoS 2005-04-12 2008-09-10
5.0
None Remote Low Not required None None Partial
Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.
44 CVE-2004-0474 2004-07-07 2008-09-05
5.1
User Remote High Not required Partial Partial Partial
Help Center (HelpCtr.exe) may allow remote attackers to read or execute arbitrary files via an "http://" or "file://" argument to the topic parameter in an hcp:// URL. NOTE: since the initial report of this problem, several researchers have been unable to reproduce this issue.
45 CVE-2004-0202 DoS 2004-08-06 2008-09-10
5.0
None Remote Low Not required None None Partial
IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet.
46 CVE-2004-0199 Exec Code 2004-06-14 2008-09-10
5.1
User Remote High Not required Partial Partial Partial
Help and Support Center in Microsoft Windows XP and Windows Server 2003 SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code, as demonstrated using certain hcp:// URLs that access the DVD Upgrade capability (dvdupgrd.htm).
47 CVE-2004-0120 DoS 2004-06-01 2008-09-10
5.0
None Remote Low Not required None None Partial
The Microsoft Secure Sockets Layer (SSL) library, as used in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service via malformed SSL messages.
48 CVE-2004-0116 DoS 2004-06-01 2008-09-10
5.0
None Remote Low Not required None None Partial
An Activation function in the RPCSS Service involved with DCOM activation for Microsoft Windows 2000, XP, and 2003 allows remote attackers to cause a denial of service (memory consumption) via an activation request with a large length field.
49 CVE-2003-0907 Exec Code 2004-06-01 2008-09-10
5.1
User Remote High Not required Partial Partial Partial
Help and Support Center in Microsoft Windows XP SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code via quotation marks in an hcp:// URL, which are not quoted when constructing the argument list to HelpCtr.exe.
50 CVE-2003-0824 DoS 2003-12-15 2008-09-10
5.0
None Remote Low Not required None None Partial
Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Microsoft FrontPage Server Extensions 2000 and 2002, and Microsoft SharePoint Team Services 2002, allows remote attackers to cause a denial of service (response failure) via a certain request.
Total number of vulnerabilities : 70   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.