CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Microsoft » Windows Vista : Security Vulnerabilities Published In 2007

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2007-5351 94 Exec Code 2007-12-11 2018-10-15
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Server Message Block Version 2 (SMBv2) signing support in Microsoft Windows Vista allows remote attackers to force signature re-computation and execute arbitrary code via a crafted SMBv2 packet, aka "SMBv2 Signing Vulnerability."
2 CVE-2007-5350 264 +Priv 2007-12-11 2018-10-15
7.2
Admin Local Low Not required Complete Complete Complete
Unspecified vulnerability in the Windows Advanced Local Procedure Call (ALPC) in the kernel in Microsoft Windows Vista allows local users to gain privileges via unspecified vectors involving "legacy reply paths."
3 CVE-2007-5133 189 DoS Overflow 2007-09-27 2019-04-30
7.1
None Remote Medium Not required None None Complete
Microsoft Windows Explorer (explorer.exe) allows user-assisted remote attackers to cause a denial of service (CPU consumption) via a certain PNG file with a large tEXt chunk that possibly triggers an integer overflow in PNG chunk size handling, as demonstrated by badlycrafted.png.
4 CVE-2007-4677 119 Exec Code Overflow 2007-11-07 2018-10-26
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via an invalid color table size when parsing the color table atom (CTAB) in a movie file, related to the CTAB RGB values.
5 CVE-2007-4676 119 Exec Code Overflow 2007-11-07 2018-10-26
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via malformed elements when parsing (1) Poly type (0x0070 through 0x0074) and (2) PackBitsRgn field (0x0099) opcodes in a PICT image.
6 CVE-2007-4675 119 Exec Code Overflow 2007-11-07 2018-10-26
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the QuickTime VR extension 7.2.0.240 in QuickTime.qts in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via a QTVR (QuickTime Virtual Reality) movie file containing a large size field in the atom header of a panorama sample atom.
7 CVE-2007-4247 DoS 2007-08-08 2018-10-15
4.3
None Remote Medium Not required None None Partial
Windows Calendar on Microsoft Windows Vista allows remote attackers to cause a denial of service (NULL dereference and persistent application crash) via a malformed ICS file.
8 CVE-2007-3891 Exec Code 2007-08-14 2018-10-12
6.8
User Remote Medium Not required Partial Partial Partial
Unspecified vulnerability in Windows Vista Weather Gadgets in Windows Vista allows remote attackers to execute arbitrary code via crafted HTML attributes.
9 CVE-2007-3751 Exec Code +Priv 2007-11-07 2018-10-26
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in QuickTime for Java in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via untrusted Java applets that gain privileges via unspecified vectors.
10 CVE-2007-3671 2007-07-10 2008-11-15
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in the kernel in Microsoft Windows Vista has unspecified remote attack vectors and impact, as shown in the "0day IPO" presentation at SyScan'07.
11 CVE-2007-3091 362 Exec Code 2007-06-06 2018-10-30
7.1
None Remote Medium Not required None None Complete
Race condition in Microsoft Internet Explorer 6 SP1; 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code or perform other actions upon a page transition, with the permissions of the old page and the content of the new page, as demonstrated by setInterval functions that set location.href within a try/catch expression, aka the "bait & switch vulnerability" or "Race Condition Cross-Domain Information Disclosure Vulnerability."
12 CVE-2007-3038 Bypass +Info 2007-07-10 2018-10-16
7.8
None Remote Low Not required Complete None None
The Teredo interface in Microsoft Windows Vista and Vista x64 Edition does not properly handle certain network traffic, which allows remote attackers to bypass firewall blocking rules and obtain sensitive information via crafted IPv6 traffic, aka "Windows Vista Firewall Blocking Rule Information Disclosure Vulnerability."
13 CVE-2007-3036 264 +Priv 2007-09-11 2018-10-12
6.9
Admin Local Medium Not required Complete Complete Complete
Unspecified vulnerability in the (1) Windows Services for UNIX 3.0 and 3.5, and (2) Subsystem for UNIX-based Applications in Microsoft Windows 2000, XP, Server 2003, and Vista allows local users to gain privileges via unspecified vectors related to "certain setuid binary files."
14 CVE-2007-3033 79 Exec Code XSS 2007-08-14 2018-10-12
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Windows Vista Feed Headlines Gadget (aka Sidebar RSS Feeds Gadget) in Windows Vista allows user-assisted remote attackers to execute arbitrary code via an RSS feed with crafted HTML attributes, which are not properly removed and are rendered in the local zone.
15 CVE-2007-3032 Exec Code 2007-08-14 2018-10-12
6.8
User Remote Medium Not required Partial Partial Partial
Unspecified vulnerability in Windows Vista Contacts Gadget in Windows Vista allows user-assisted remote attackers to execute arbitrary code via crafted contact information that is not properly handled when it is imported.
16 CVE-2007-2229 264 +Info 2007-06-12 2018-10-16
7.2
Admin Local Low Not required Complete Complete Complete
Microsoft Windows Vista uses insecure default permissions for unspecified "local user information data stores" in the registry and the file system, which allows local users to obtain sensitive information such as administrative passwords, aka "Permissive User Information Store ACLs Information Disclosure Vulnerability."
17 CVE-2007-2228 DoS 2007-10-09 2018-10-16
7.8
None Remote Low Not required None None Complete
rpcrt4.dll (aka the RPC runtime library) in Microsoft Windows XP SP2, XP Professional x64 Edition, Server 2003 SP1 and SP2, Server 2003 x64 Edition and x64 Edition SP2, and Vista and Vista x64 Edition allows remote attackers to cause a denial of service (RPCSS service stop and system restart) via an RPC request that uses NTLMSSP PACKET authentication with a zero-valued verification trailer signature, which triggers an invalid dereference. NOTE: this also affects Windows 2000 SP4, although the impact is an information leak.
18 CVE-2007-1765 DoS Exec Code Mem. Corr. 2007-03-29 2018-10-16
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038; if so, then use CVE-2007-0038 instead of this identifier.
19 CVE-2007-1763 DoS Overflow 2007-03-29 2017-07-28
7.1
None Remote Medium Not required None None Complete
The ATI kernel driver (atikmdag.sys) in Microsoft Windows Vista allows user-assisted remote attackers to cause a denial of service (crash) via a crafted JPG image, as demonstrated by a slideshow, possibly due to a buffer overflow.
20 CVE-2007-1658 2007-03-24 2018-10-16
9.3
Admin Remote Medium Not required Complete Complete Complete
Windows Mail in Microsoft Windows Vista might allow user-assisted remote attackers to execute certain programs via a link to a (1) local file or (2) UNC share pathname in which there is a directory with the same base name as an executable program at the same level, as demonstrated using C:/windows/system32/winrm (winrm.cmd) and migwiz (migwiz.exe).
21 CVE-2007-1535 2007-03-20 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
Microsoft Windows Vista establishes a Teredo address without user action upon connection to the Internet, contrary to documentation that Teredo is inactive without user action, which increases the attack surface and allows remote attackers to communicate via Teredo.
22 CVE-2007-1534 2007-03-20 2018-10-16
9.3
Admin Remote Medium Not required Complete Complete Complete
DFSR.exe in Windows Meeting Space in Microsoft Windows Vista remains available for remote connections on TCP port 5722 for 2 minutes after Windows Meeting Space is closed, which allows remote attackers to have an unknown impact by connecting to this port during the time window.
23 CVE-2007-1533 2007-03-20 2018-10-16
5.0
None Remote Low Not required None Partial None
The Teredo implementation in Microsoft Windows Vista uses the same nonce for communication with different UDP ports within a solicitation session, which makes it easier for remote attackers to spoof the nonce through brute force attacks.
24 CVE-2007-1532 2007-03-20 2018-10-16
6.4
None Remote Low Not required Partial Partial None
The neighbor discovery implementation in Microsoft Windows Vista allows remote attackers to conduct a redirect attack by (1) responding to queries by sending spoofed Neighbor Advertisements or (2) blindly sending Neighbor Advertisements.
25 CVE-2007-1531 399 DoS 2007-03-20 2018-10-16
5.0
None Remote Low Not required None None Partial
Microsoft Windows XP and Vista overwrites ARP table entries included in gratuitous ARP, which allows remote attackers to cause a denial of service (loss of network access) by sending a gratuitous ARP for the address of the Vista host.
26 CVE-2007-1530 DoS 2007-03-20 2018-10-16
5.0
None Remote Low Not required None None Partial
The LLTD Mapper in Microsoft Windows Vista does not properly gather responses to EMIT packets, which allows remote attackers to cause a denial of service (mapping failure) by omitting an ACK response, which triggers an XML syntax error.
27 CVE-2007-1529 2007-03-20 2018-10-16
4.3
None Remote Medium Not required None Partial None
The LLTD Responder in Microsoft Windows Vista does not send the Mapper a response to a DISCOVERY packet if another host has sent a spoofed response first, which allows remote attackers to spoof arbitrary hosts via a network-based race condition, aka the "Total Spoof" attack.
28 CVE-2007-1528 2007-03-20 2018-10-16
5.0
None Remote Low Not required None Partial None
The LLTD Mapper in Microsoft Windows Vista allows remote attackers to spoof hosts, and nonexistent bridge relationships, into the network topology map by using a MAC address that differs from the MAC address provided in the Real Source field of the LLTD BASE header of a HELLO packet, aka the "Spoof on Bridge" attack.
29 CVE-2007-1527 2007-03-20 2018-10-16
5.0
None Remote Low Not required None Partial None
The LLTD Mapper in Microsoft Windows Vista does not verify that an IP address in a TLV type 0x07 field in a HELLO packet corresponds to a valid IP address for the local network, which allows remote attackers to trick users into communicating with an external host by sending a HELLO packet with the MW characteristic and a spoofed TLV type 0x07 field, aka the "Spoof and Management URL IP Redirect" attack.
30 CVE-2007-1215 Overflow +Priv 2007-04-04 2018-10-16
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local users to gain privileges via certain "color-related parameters" in crafted images.
31 CVE-2007-1212 Overflow +Priv 2007-04-04 2018-10-16
6.6
Admin Local Medium Single system Complete Complete Complete
Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local users to gain privileges via a crafted Enhanced Metafile (EMF) image format file.
32 CVE-2007-1209 399 +Priv 2007-04-10 2018-10-16
7.2
Admin Local Low Not required Complete Complete Complete
Use-after-free vulnerability in the Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista does not properly handle connection resources when starting and stopping processes, which allows local users to gain privileges by opening and closing multiple ApiPort connections, which leaves a "dangling pointer" to a process data structure.
33 CVE-2007-0843 264 Bypass 2007-02-22 2018-10-16
4.6
User Local Low Not required Partial Partial Partial
The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a directory with LIST (READ) access and using ReadDirectoryChangesW to monitor changes of files that do not have LIST permissions, which can be leveraged to determine filenames, access times, and other sensitive information.
34 CVE-2007-0675 94 2007-02-02 2018-10-12
7.6
Admin Remote High Not required Complete Complete Complete
A certain ActiveX control in sapi.dll (aka the Speech API) in Speech Components in Microsoft Windows Vista, when the Speech Recognition feature is enabled, allows user-assisted remote attackers to delete arbitrary files, and conduct other unauthorized activities, via a web page with an embedded sound object that contains voice commands to an enabled microphone, allowing for interaction with Windows Explorer.
35 CVE-2007-0038 119 DoS Exec Code Overflow Mem. Corr. 2007-03-30 2018-10-16
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) anih block of a RIFF .ANI, cur, or .ico file, which results in memory corruption when processing cursors, animated cursors, and icons, a variant of CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this might be a duplicate of CVE-2007-1765; if so, then CVE-2007-0038 should be preferred.
Total number of vulnerabilities : 35   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.