Total
1338 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-1435 | 1 Microsoft | 2 Windows-nt, Windows Vista | 2018-10-12 | 9.3 HIGH | N/A |
| Windows Explorer in Microsoft Windows Vista up to SP1, and Server 2008, allows user-assisted remote attackers to execute arbitrary code via crafted saved-search (.search-ms) files that are not properly handled when saving, aka "Windows Saved Search Vulnerability." | |||||
| CVE-2008-0951 | 1 Microsoft | 1 Windows Vista | 2018-10-12 | 9.3 HIGH | N/A |
| Microsoft Windows Vista does not properly enforce the NoDriveTypeAutoRun registry value, which allows user-assisted remote attackers, and possibly physically proximate attackers, to execute arbitrary code by inserting a (1) CD-ROM device or (2) U3-enabled USB device containing a filesystem with an Autorun.inf file, and possibly other vectors related to (a) AutoRun and (b) AutoPlay actions. | |||||
| CVE-2008-1084 | 1 Microsoft | 5 Windows 2000, Windows 2003 Server, Windows Server 2008 and 2 more | 2018-10-12 | 7.2 HIGH | N/A |
| Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, through Vista SP1, and Server 2008 allows local users to execute arbitrary code via unknown vectors related to improper input validation. NOTE: it was later reported that one affected function is NtUserFnOUTSTRING in win32k.sys. | |||||
| CVE-2008-1441 | 1 Microsoft | 4 Windows Server 2003, Windows Server 2008, Windows Vista and 1 more | 2018-10-12 | 5.4 MEDIUM | N/A |
| Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system hang) via a series of Pragmatic General Multicast (PGM) packets with invalid fragment options, aka the "PGM Malformed Fragment Vulnerability." | |||||
| CVE-2007-3891 | 1 Microsoft | 1 Windows Vista | 2018-10-12 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in Windows Vista Weather Gadgets in Windows Vista allows remote attackers to execute arbitrary code via crafted HTML attributes. | |||||
| CVE-2007-6255 | 1 Microsoft | 5 Internet Explorer, Windows 2000, Windows Server 2003 and 2 more | 2018-10-12 | 9.3 HIGH | N/A |
| Buffer overflow in the Microsoft HeartbeatCtl ActiveX control in HRTBEAT.OCX allows remote attackers to execute arbitrary code via the Host argument to an unspecified method. | |||||
| CVE-2008-0011 | 1 Microsoft | 6 Directx, Windows-nt, Windows 2000 and 3 more | 2018-10-12 | 9.3 HIGH | N/A |
| Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a crafted MJPEG stream in a (1) AVI or (2) ASF file, aka the "MJPEG Decoder Vulnerability." | |||||
| CVE-2008-0084 | 1 Microsoft | 1 Windows Vista | 2018-10-12 | 7.8 HIGH | N/A |
| Unspecified vulnerability in the TCP/IP support in Microsoft Windows Vista allows remote DHCP servers to cause a denial of service (hang and restart) via a crafted DHCP packet. | |||||
| CVE-2007-3033 | 1 Microsoft | 1 Windows Vista | 2018-10-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Windows Vista Feed Headlines Gadget (aka Sidebar RSS Feeds Gadget) in Windows Vista allows user-assisted remote attackers to execute arbitrary code via an RSS feed with crafted HTML attributes, which are not properly removed and are rendered in the local zone. | |||||
| CVE-2007-3036 | 1 Microsoft | 5 Windows 2000, Windows 2003 Server, Windows Services For Unix and 2 more | 2018-10-12 | 6.9 MEDIUM | N/A |
| Unspecified vulnerability in the (1) Windows Services for UNIX 3.0 and 3.5, and (2) Subsystem for UNIX-based Applications in Microsoft Windows 2000, XP, Server 2003, and Vista allows local users to gain privileges via unspecified vectors related to "certain setuid binary files." | |||||
| CVE-2007-3032 | 1 Microsoft | 1 Windows Vista | 2018-10-12 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in Windows Vista Contacts Gadget in Windows Vista allows user-assisted remote attackers to execute arbitrary code via crafted contact information that is not properly handled when it is imported. | |||||
| CVE-2007-0065 | 1 Microsoft | 6 Office, Visual Basic, Windows 2000 and 3 more | 2018-10-12 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in Object Linking and Embedding (OLE) Automation in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, Office 2004 for Mac, and Visual basic 6.0 SP6 allows remote attackers to execute arbitrary code via a crafted script request. | |||||
| CVE-2007-0675 | 1 Microsoft | 1 Windows Vista | 2018-10-12 | 7.6 HIGH | N/A |
| A certain ActiveX control in sapi.dll (aka the Speech API) in Speech Components in Microsoft Windows Vista, when the Speech Recognition feature is enabled, allows user-assisted remote attackers to delete arbitrary files, and conduct other unauthorized activities, via a web page with an embedded sound object that contains voice commands to an enabled microphone, allowing for interaction with Windows Explorer. | |||||
| CVE-2008-7211 | 2 Microsoft, Soundblaster | 2 Windows Vista, Ensoniq Pci Es1371 Wdm Driver | 2018-10-11 | 6.9 MEDIUM | N/A |
| CreativeLabs es1371mp.sys 5.1.3612.0 WDM audio driver, as used in Ensoniq PCI 1371 sound cards and when running on Windows Vista, does not create a Functional Device Object (FDO) to prevent user-moade access to the Physical Device Object (PDO), which allows local users to gain SYSTEM privileges via a crafted IRP request that dereferences a NULL FsContext pointer. | |||||
| CVE-2008-5715 | 2 Microsoft, Mozilla | 2 Windows Vista, Firefox | 2018-10-11 | 5.0 MEDIUM | N/A |
| Mozilla Firefox 3.0.5 on Windows Vista allows remote attackers to cause a denial of service (application crash) via JavaScript code with a long string value for the hash property (aka location.hash). NOTE: it was later reported that earlier versions are also affected, and that the impact is CPU consumption and application hang in unspecified circumstances perhaps involving other platforms. | |||||
| CVE-2008-5229 | 1 Microsoft | 1 Windows Vista | 2018-10-11 | 6.9 MEDIUM | N/A |
| Stack-based buffer overflow in Microsoft Device IO Control in iphlpapi.dll in Microsoft Windows Vista Gold and SP1 allows local users in the Network Configuration Operator group to gain privileges or cause a denial of service (system crash) via a large invalid PrefixLength to the CreateIpForwardEntry2 method, as demonstrated by a "route add" command. NOTE: this issue might not cross privilege boundaries. | |||||
| CVE-2008-3842 | 1 Microsoft | 5 .net Framework, Windows-nt, Windows 2000 and 2 more | 2018-10-11 | 4.3 MEDIUM | N/A |
| Request Validation (aka the ValidateRequest filters) in ASP.NET in Microsoft .NET Framework without the MS07-040 update does not properly detect dangerous client input, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a query string containing a "</" (less-than slash) sequence. | |||||
| CVE-2008-3365 | 2 Microsoft, Pixelpost | 7 Windows, Windows-nt, Windows 2000 and 4 more | 2018-10-11 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Pixelpost 1.7.1 on Windows, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language_full parameter. | |||||
| CVE-2008-1931 | 2 Microsoft, Realtek | 3 Windows-nt, Windows Vista, Hd Audio Codec Drivers | 2018-10-11 | 6.8 MEDIUM | N/A |
| Realtek HD Audio Codec Drivers RTKVHDA.sys and RTKVHDA64.sys before 6.0.1.5605 on Windows Vista allow local users to create, write, and read registry keys via a crafted IOCTL request. | |||||
| CVE-2008-1932 | 2 Microsoft, Realtek | 3 Windows-nt, Windows Vista, Hd Audio Codec Drivers | 2018-10-11 | 6.8 MEDIUM | N/A |
| Integer overflow in Realtek HD Audio Codec Drivers RTKVHDA.sys and RTKVHDA64.sys before 6.0.1.5605 on Windows Vista allows local users to execute arbitrary code via a crafted IOCTL request. | |||||