|
|
Microsoft » Windows Vista : Security Vulnerabilities (CVSS score between 5 and 5.99)
| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2016-3263 |
200 |
|
Bypass +Info |
2016-10-14 |
2018-10-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "GDI+ Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3262. |
|
2 |
CVE-2016-3262 |
200 |
|
Bypass +Info |
2016-10-14 |
2018-10-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "GDI+ Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3263. |
|
3 |
CVE-2016-3209 |
200 |
|
Bypass +Info |
2016-10-14 |
2018-10-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; Live Meeting 2007 Console; .NET Framework 3.0 SP2, 3.5, 3.5.1, 4.5.2, and 4.6; and Silverlight 5 allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "True Type Font Parsing Information Disclosure Vulnerability." |
|
4 |
CVE-2016-0128 |
254 |
|
|
2016-04-12 |
2019-09-27 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
The SAM and LSAD protocol implementations in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 do not properly establish an RPC channel, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka "Windows SAM and LSAD Downgrade Vulnerability" or "BADLOCK." |
|
5 |
CVE-2015-6112 |
310 |
|
+Info |
2015-11-11 |
2019-05-16 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
SChannel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 lacks the required extended master-secret binding support to ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack," aka "Schannel TLS Triple Handshake Vulnerability." |
|
6 |
CVE-2015-2417 |
20 |
|
+Priv |
2015-07-14 |
2019-05-08 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via crafted input, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "OLE Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2416. |
|
7 |
CVE-2015-2416 |
20 |
|
+Priv |
2015-07-14 |
2019-05-08 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via crafted input, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "OLE Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2417. |
|
8 |
CVE-2015-1716 |
200 |
|
+Info |
2015-05-13 |
2019-05-15 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Schannel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict Diffie-Hellman Ephemeral (DHE) key lengths, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, aka "Schannel Information Disclosure Vulnerability." |
|
9 |
CVE-2015-0095 |
476 |
|
DoS Bypass +Info |
2015-03-11 |
2019-05-14 |
5.6 |
None |
Local |
Low |
Not required |
Partial |
None |
Complete |
|
The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to cause a denial of service (NULL pointer dereference and blue screen), or obtain sensitive information from kernel memory and possibly bypass the ASLR protection mechanism, via a crafted application, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability." |
|
10 |
CVE-2015-0089 |
200 |
|
Bypass +Info |
2015-03-11 |
2019-05-14 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to obtain sensitive information from kernel memory, and possibly bypass the KASLR protection mechanism, via a crafted font, aka "Adobe Font Driver Information Disclosure Vulnerability," a different vulnerability than CVE-2015-0087. |
|
11 |
CVE-2015-0087 |
200 |
|
Bypass +Info |
2015-03-11 |
2019-05-14 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to obtain sensitive information from kernel memory, and possibly bypass the KASLR protection mechanism, via a crafted font, aka "Adobe Font Driver Information Disclosure Vulnerability," a different vulnerability than CVE-2015-0089. |
|
12 |
CVE-2014-6355 |
200 |
|
Bypass +Info |
2014-12-11 |
2018-10-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Graphics Component in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly process JPEG images, which makes it easier for remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Graphics Component Information Disclosure Vulnerability." |
|
13 |
CVE-2014-1811 |
399 |
|
DoS |
2014-06-11 |
2019-05-16 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The TCP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to cause a denial of service (non-paged pool memory consumption and system hang) via malformed data in the Options field of a TCP header, aka "TCP Denial of Service Vulnerability." |
|
14 |
CVE-2014-0317 |
264 |
|
Bypass |
2014-03-12 |
2020-09-28 |
5.4 |
None |
Remote |
High |
Not required |
None |
Complete |
None |
|
The Security Account Manager Remote (SAMR) protocol implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2 does not properly determine the user-lockout state, which makes it easier for remote attackers to bypass the account lockout policy and obtain access via a brute-force attack, aka "SAMR Security Feature Bypass Vulnerability." |
|
15 |
CVE-2013-3869 |
20 |
|
DoS |
2013-11-13 |
2019-05-14 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to cause a denial of service (daemon hang) via a web-service request containing a crafted X.509 certificate that is not properly handled during validation, aka "Digital Signatures Vulnerability." |
|
16 |
CVE-2013-3868 |
20 |
|
DoS |
2013-09-11 |
2018-10-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Microsoft Active Directory Lightweight Directory Service (AD LDS) on Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows 8 and Active Directory Services on Windows Server 2008 SP2 and R2 SP1 and Server 2012 allow remote attackers to cause a denial of service (LDAP directory-service outage) via a crafted LDAP query, aka "Remote Anonymous DoS Vulnerability." |
|
17 |
CVE-2013-0013 |
264 |
|
Bypass |
2013-01-09 |
2020-09-28 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
The SSL provider component in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle encrypted packets, which allows man-in-the-middle attackers to conduct SSLv2 downgrade attacks against (1) SSLv3 sessions or (2) TLS sessions by intercepting handshakes and injecting content, aka "Microsoft SSL Version 3 and TLS Protocol Security Feature Bypass Vulnerability." |
|
18 |
CVE-2012-1850 |
20 |
|
DoS |
2012-08-15 |
2020-09-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle RAP responses, which allows remote attackers to cause a denial of service (service hang) via crafted RAP packets, aka "Remote Administration Protocol Denial of Service Vulnerability." |
|
19 |
CVE-2009-0089 |
20 |
|
|
2009-04-15 |
2019-02-26 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Vista Gold allows remote web servers to impersonate arbitrary https web sites by using DNS spoofing to "forward a connection" to a different https web site that has a valid certificate matching its own domain name, but not a certificate matching the domain name of the host requested by the user, aka "Windows HTTP Services Certificate Name Mismatch Vulnerability." |
|
20 |
CVE-2008-1441 |
20 |
|
DoS |
2008-06-12 |
2018-10-12 |
5.4 |
None |
Remote |
High |
Not required |
None |
None |
Complete |
|
Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system hang) via a series of Pragmatic General Multicast (PGM) packets with invalid fragment options, aka the "PGM Malformed Fragment Vulnerability." |
|
21 |
CVE-2007-1533 |
|
|
|
2007-03-20 |
2018-10-16 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The Teredo implementation in Microsoft Windows Vista uses the same nonce for communication with different UDP ports within a solicitation session, which makes it easier for remote attackers to spoof the nonce through brute force attacks. |
|
22 |
CVE-2007-1531 |
399 |
|
DoS |
2007-03-20 |
2018-10-16 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Microsoft Windows XP and Vista overwrites ARP table entries included in gratuitous ARP, which allows remote attackers to cause a denial of service (loss of network access) by sending a gratuitous ARP for the address of the Vista host. |
|
23 |
CVE-2007-1530 |
|
|
DoS |
2007-03-20 |
2018-10-16 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The LLTD Mapper in Microsoft Windows Vista does not properly gather responses to EMIT packets, which allows remote attackers to cause a denial of service (mapping failure) by omitting an ACK response, which triggers an XML syntax error. |
|
24 |
CVE-2007-1528 |
|
|
|
2007-03-20 |
2018-10-16 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The LLTD Mapper in Microsoft Windows Vista allows remote attackers to spoof hosts, and nonexistent bridge relationships, into the network topology map by using a MAC address that differs from the MAC address provided in the Real Source field of the LLTD BASE header of a HELLO packet, aka the "Spoof on Bridge" attack. |
|
25 |
CVE-2007-1527 |
|
|
|
2007-03-20 |
2018-10-16 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The LLTD Mapper in Microsoft Windows Vista does not verify that an IP address in a TLV type 0x07 field in a HELLO packet corresponds to a valid IP address for the local network, which allows remote attackers to trick users into communicating with an external host by sending a HELLO packet with the MW characteristic and a spoofed TLV type 0x07 field, aka the "Spoof and Management URL IP Redirect" attack. |
Total number of vulnerabilities : 25
Page :
1
(This Page)
|
|
