CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Microsoft » Windows Xp : Security Vulnerabilities Published In 2004

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2004-2527 DoS 2004-12-31 2008-09-05
5.4
None Remote High Not required None None Complete
The local and remote desktop login screens in Microsoft Windows XP before SP2 and 2003 allow remote attackers to cause a denial of service (CPU and memory consumption) by repeatedly using the WinKey+"U" key combination, which causes multiple copies of Windows Utility Manager to be loaded more quickly than they can be closed when the copies detect that another instance is running.
2 CVE-2004-2365 DoS 2004-12-31 2008-09-05
2.1
None Local Low Not required None None Partial
Memory leak in Microsoft Windows XP and Windows Server 2003 allows local users to cause a denial of service (memory exhaustion) by repeatedly creating and deleting directories using a non-standard tool such as smbmount.
3 CVE-2004-2339 Exec Code 2004-12-31 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
** DISPUTED ** Microsoft Windows 2000, XP, and possibly 2003 allows local users with the SeDebugPrivilege privilege to execute arbitrary code as kernel and read or write kernel memory via the NtSystemDebugControl function, which does not verify its pointer arguments. Note: this issue has been disputed, since Administrator privileges are typically required to exploit this issue, thus privilege boundaries are not crossed.
4 CVE-2004-2307 DoS 2004-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Microsoft Internet Explorer 6.0.2600 on Windows XP allows remote attackers to cause a denial of service (browser crash) via a shell: URI with double backslashes (\\) in an HTML tag such as IFRAME or A.
5 CVE-2004-2290 Exec Code 2004-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Microsoft Windows XP Explorer allows attackers to execute arbitrary code via a HTML and script in a self-executing folder that references an executable file within the folder, which is automatically executed when a user accesses the folder.
6 CVE-2004-2289 Exec Code 2004-12-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Microsoft Windows XP Explorer allows local users to execute arbitrary code via a system folder with a Desktop.ini file containing a .ShellClassInfo specifier with a CLSID value that is associated with an executable file.
7 CVE-2004-2176 Bypass 2004-12-31 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
The Internet Connection Firewall (ICF) in Microsoft Windows XP SP2 is configured by default to trust sessmgr.exe, which allows local users to use sessmgr.exe to create a local listening port that bypasses the ICF access controls.
8 CVE-2004-1623 DoS 2004-10-22 2008-09-05
5.0
None Remote Low Not required None None Partial
The WAV file property handler in Windows XP SP1 allows remote attackers to cause a denial of service (infinite loop in Explorer) via a WAV file with an invalid file header whose fmt chunk length is set to 0xFFFFFFFF.
9 CVE-2004-1361 Exec Code Overflow 2004-12-23 2008-09-05
5.0
None Remote Low Not required None Partial None
Integer underflow in winhlp32.exe in Windows NT, Windows 2000 through SP4, Windows XP through SP2, and Windows 2003 allows remote attackers to execute arbitrary code via a malformed .hlp file, which leads to a heap-based buffer overflow.
10 CVE-2004-1319 2004-12-15 2008-09-10
5.0
None Remote Low Not required None Partial None
The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by "AbusiveParent" in Internet Explorer 6.0.2900.2180.
11 CVE-2004-1306 Exec Code Overflow 2004-12-31 2008-09-05
5.1
User Remote High Not required Partial Partial Partial
Heap-based buffer overflow in winhlp32.exe in Windows NT, Windows 2000 through SP4, Windows XP through SP2, and Windows 2003 allows remote attackers to execute arbitrary code via a crafted .hlp file.
12 CVE-2004-1305 DoS 2004-12-23 2008-09-10
5.0
None Remote Low Not required None None Partial
The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allow remote attackers to cause a denial of service via (1) the frame number set to zero, which causes an invalid memory address to be used and leads to a kernel crash, or (2) the rate number set to zero, which leads to resource exhaustion and hang.
13 CVE-2004-1049 Exec Code Overflow 2004-12-31 2008-09-10
5.1
User Remote High Not required Partial Partial Partial
Integer overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a .bmp, .cur, .ico or .ani file with a large image size field, which leads to a buffer overflow, aka the "Cursor and Icon Format Handling Vulnerability."
14 CVE-2004-1043 Exec Code 2004-12-31 2008-09-10
5.0
None Remote Low Not required None Partial None
Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to execute arbitrary code by using the "Related Topics" command in the Help ActiveX Control (hhctrl.ocx) to open a Help popup window containing the PCHealth tools.htm file in the local zone and injecting Javascript to be executed, as demonstrated using "writehta.txt" and the ADODB recordset, which saves a .HTA file to the local system, aka the "HTML Help ActiveX control Cross Domain Vulnerability."
15 CVE-2004-0979 2004-12-31 2008-09-10
4.6
User Local Low Not required Partial Partial Partial
Internet Explorer on Windows XP does not properly modify the "Drag and Drop or copy and paste files" setting when the user sets it to "Disable" or "Prompt," which may enable security-sensitive operations that are inconsistent with the user's intended configuration.
16 CVE-2004-0840 Exec Code 2004-11-03 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a malicious DNS response message containing length values that are not properly validated.
17 CVE-2004-0839 2004-08-18 2008-09-10
5.0
None Remote Low Not required None Partial None
Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".
18 CVE-2004-0575 Exec Code Overflow 2004-11-03 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Integer overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP 64-bit Edition, Windows Server 2003, and Windows Server 2003 64-bit Edition allows remote attackers to execute arbitrary code via compressed (zipped) folders that involve an "unchecked buffer" and improper length validation.
19 CVE-2004-0474 2004-07-07 2008-09-05
5.1
User Remote High Not required Partial Partial Partial
Help Center (HelpCtr.exe) may allow remote attackers to read or execute arbitrary files via an "http://" or "file://" argument to the topic parameter in an hcp:// URL. NOTE: since the initial report of this problem, several researchers have been unable to reproduce this issue.
20 CVE-2004-0214 DoS Exec Code Overflow 2004-11-03 2013-08-06
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba.
21 CVE-2004-0212 Exec Code Overflow 2004-08-06 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonymous share.
22 CVE-2004-0209 Exec Code 2004-11-03 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Unknown vulnerability in the Graphics Rendering Engine processes of Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats that involve "an unchecked buffer."
23 CVE-2004-0208 +Priv 2004-11-03 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions.
24 CVE-2004-0207 +Priv 2004-11-03 2008-09-05
2.1
None Local Low Not required None Partial None
"Shatter" style vulnerability in the Window Management application programming interface (API) for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to gain privileges by using certain API functions to change properties of privileged programs using the SetWindowLong and SetWIndowLongPtr API functions.
25 CVE-2004-0206 Exec Code Overflow +Priv 2004-11-03 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow.
26 CVE-2004-0202 DoS 2004-08-06 2008-09-10
5.0
None Remote Low Not required None None Partial
IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet.
27 CVE-2004-0201 Exec Code Overflow 2004-08-06 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CVE-2003-1041.
28 CVE-2004-0200 Exec Code Overflow 2004-09-28 2008-09-10
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.
29 CVE-2004-0199 Exec Code 2004-06-14 2008-09-10
5.1
User Remote High Not required Partial Partial Partial
Help and Support Center in Microsoft Windows XP and Windows Server 2003 SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code, as demonstrated using certain hcp:// URLs that access the DVD Upgrade capability (dvdupgrd.htm).
30 CVE-2004-0124 2004-06-01 2008-09-10
2.6
None Remote High Not required Partial None None
The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability."
31 CVE-2004-0123 119 DoS Exec Code Overflow 2004-06-01 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Double free vulnerability in the ASN.1 library as used in Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service and possibly execute arbitrary code.
32 CVE-2004-0120 DoS 2004-06-01 2008-09-10
5.0
None Remote Low Not required None None Partial
The Microsoft Secure Sockets Layer (SSL) library, as used in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service via malformed SSL messages.
33 CVE-2004-0119 DoS Exec Code 2004-06-01 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
The Negotiate Security Software Provider (SSP) interface in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service (crash from null dereference) or execute arbitrary code via a crafted SPNEGO NegTokenInit request during authentication protocol selection.
34 CVE-2004-0117 Exec Code 2004-06-01 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Unknown vulnerability in the H.323 protocol implementation in Windows 98, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code.
35 CVE-2004-0116 DoS 2004-06-01 2008-09-10
5.0
None Remote Low Not required None None Partial
An Activation function in the RPCSS Service involved with DCOM activation for Microsoft Windows 2000, XP, and 2003 allows remote attackers to cause a denial of service (memory consumption) via an activation request with a large length field.
36 CVE-2003-0909 Exec Code 2004-06-01 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
Windows XP allows local users to execute arbitrary programs by creating a task at an elevated privilege level through the eventtriggers.exe command-line tool or the Task Scheduler service, aka "Windows Management Vulnerability."
37 CVE-2003-0907 Exec Code 2004-06-01 2008-09-10
5.1
User Remote High Not required Partial Partial Partial
Help and Support Center in Microsoft Windows XP SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code via quotation marks in an hcp:// URL, which are not quoted when constructing the argument list to HelpCtr.exe.
38 CVE-2003-0906 Exec Code Overflow 2004-06-01 2008-09-10
7.6
Admin Remote High Not required Complete Complete Complete
Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1 allows remote attackers to execute arbitrary code via a malformed WMF or EMF image.
39 CVE-2003-0818 Exec Code Overflow 2004-03-03 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings.
40 CVE-2003-0807 DoS Overflow 2004-06-01 2008-09-10
5.0
None Remote Low Not required None None Partial
Buffer overflow in the COM Internet Services and in the RPC over HTTP Proxy components for Microsoft Windows NT Server 4.0, NT 4.0 Terminal Server Edition, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service via a crafted request.
41 CVE-2003-0806 Exec Code Overflow 2004-06-01 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the Windows logon process (winlogon) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1, when a member of a domain, allows remote attackers to execute arbitrary code.
42 CVE-2003-0719 Exec Code Overflow 2004-06-01 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via PCT 1.0 handshake packets.
43 CVE-2003-0533 Exec Code Overflow 2004-06-01 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via a packet that causes the DsRolerUpgradeDownlevelServer function to create long debug entries for the DCPROMO.LOG log file, as exploited by the Sasser worm.
44 CVE-2002-0034 2004-02-03 2008-09-10
4.6
User Local Low Not required Partial Partial Partial
The Microsoft CONVERT.EXE program, when used on Windows 2000 and Windows XP systems, does not apply the default NTFS permissions when converting a FAT32 file system, which could cause the conversion to produce a file system with less secure permissions than expected.
Total number of vulnerabilities : 44   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.