|
|
Cpe Name: cpe:2.3:o:microsoft:windows_xp:*:sp2:professional:*:*:*:*:*
| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2013-3175 |
264 |
|
Exec Code |
2013-08-14 |
2020-09-28 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a malformed asynchronous RPC request, aka "Remote Procedure Call Vulnerability." |
|
2 |
CVE-2010-1886 |
264 |
|
+Priv |
2010-08-16 |
2018-10-30 |
6.8 |
None |
Local |
Low |
??? |
Complete |
Complete |
Complete |
|
Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 SP2 and R2, and Windows 7 allow local users to gain privileges by leveraging access to a process with NetworkService credentials, as demonstrated by TAPI Server, SQL Server, and IIS processes, and related to the Windows Service Isolation feature. NOTE: the vendor states that privilege escalation from NetworkService to LocalSystem does not cross a "security boundary." |
|
3 |
CVE-2010-1735 |
20 |
|
DoS |
2010-05-06 |
2019-04-30 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The SfnLOGONNOTIFY function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x4c value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window. |
|
4 |
CVE-2010-1734 |
20 |
|
DoS |
2010-05-06 |
2021-07-07 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The SfnINSTRING function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x18d value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window. |
|
5 |
CVE-2009-2516 |
20 |
|
+Priv |
2009-10-14 |
2019-02-26 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly validate data sent from user mode, which allows local users to gain privileges via a crafted PE .exe file that triggers a NULL pointer dereference during chain traversal, aka "Windows Kernel NULL Pointer Dereference Vulnerability." |
|
6 |
CVE-2009-2515 |
189 |
|
+Priv |
2009-10-14 |
2019-02-26 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Integer underflow in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application that triggers an incorrect truncation of a 64-bit integer to a 32-bit integer, aka "Windows Kernel Integer Underflow Vulnerability." |
|
7 |
CVE-2009-1926 |
|
|
DoS |
2009-09-08 |
2019-02-26 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to cause a denial of service (TCP outage) via a series of TCP sessions that have pending data and a (1) small or (2) zero receive window size, and remain in the FIN-WAIT-1 or FIN-WAIT-2 state indefinitely, aka "TCP/IP Orphaned Connections Vulnerability." |
|
8 |
CVE-2008-4609 |
16 |
|
DoS |
2008-10-20 |
2021-07-07 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress. |
|
9 |
CVE-2007-2374 |
|
|
Exec Code |
2007-04-30 |
2019-04-30 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in Microsoft Windows 2000, XP, and Server 2003 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source. |
|
10 |
CVE-2007-2237 |
|
|
DoS |
2007-06-06 |
2018-10-16 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
Microsoft Windows Graphics Device Interface (GDI+, GdiPlus.dll) allows context-dependent attackers to cause a denial of service (crash) via an ICO file with an InfoHeader containing a Height of zero, which triggers a divide-by-zero error. |
|
11 |
CVE-2007-1492 |
|
|
DoS |
2007-03-16 |
2008-11-13 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
winmm.dll in Microsoft Windows XP allows user-assisted remote attackers to cause a denial of service (infinite loop) via a large cch argument value to the mmioRead function, as demonstrated by a crafted WAV file. |
|
12 |
CVE-2007-0843 |
264 |
|
Bypass |
2007-02-23 |
2021-08-09 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a directory with LIST (READ) access and using ReadDirectoryChangesW to monitor changes of files that do not have LIST permissions, which can be leveraged to determine filenames, access times, and other sensitive information. |
Total number of vulnerabilities : 12
Page :
1
(This Page)
|
|
