CVE-2009-0081
- EPSS 32.11%
- Veröffentlicht 10.03.2009 20:30:00
- Zuletzt bearbeitet 16.06.2026 23:04:13
The graphics device interface (GDI) implementation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate input received from user mode, which allows remote...
- EPSS 1.45%
- Veröffentlicht 28.01.2009 18:30:00
- Zuletzt bearbeitet 16.06.2026 23:04:45
Microsoft Windows XP, Server 2003 and 2008, and Vista exposes I/O activity measurements of all processes, which allows local users to obtain sensitive information, as demonstrated by reading the I/O Other Bytes column in Task Manager (aka taskmgr.exe...
CVE-2009-0243
- EPSS 6.28%
- Veröffentlicht 21.01.2009 20:30:00
- Zuletzt bearbeitet 16.06.2026 23:04:34
Microsoft Windows does not properly enforce the Autorun and NoDriveTypeAutoRun registry values, which allows physically proximate attackers to execute arbitrary code by (1) inserting CD-ROM media, (2) inserting DVD media, (3) connecting a USB device,...
- EPSS 45.76%
- Veröffentlicht 14.01.2009 22:30:00
- Zuletzt bearbeitet 16.06.2026 22:58:38
Buffer overflow in SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Tra...
- EPSS 44.93%
- Veröffentlicht 14.01.2009 22:30:00
- Zuletzt bearbeitet 16.06.2026 22:58:38
SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets...
CVE-2008-4268
- EPSS 20.68%
- Veröffentlicht 10.12.2008 14:00:01
- Zuletzt bearbeitet 16.06.2026 22:57:31
The Windows Search component in Microsoft Windows Vista Gold and SP1 and Server 2008 does not properly free memory during a save operation for a Windows Search file, which allows remote attackers to execute arbitrary code via a crafted saved-search f...
CVE-2008-4269
- EPSS 20.52%
- Veröffentlicht 10.12.2008 14:00:01
- Zuletzt bearbeitet 16.06.2026 22:57:31
The search-ms protocol handler in Windows Explorer in Microsoft Windows Vista Gold and SP1 and Server 2008 uses untrusted parameter data obtained from incorrect parsing, which allows remote attackers to execute arbitrary code via a crafted HTML docum...
CVE-2008-2249
- EPSS 31.12%
- Veröffentlicht 10.12.2008 14:00:00
- Zuletzt bearbeitet 16.06.2026 22:53:24
Integer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a malformed header in a crafted WMF file, which triggers a buffe...
CVE-2008-3465
- EPSS 13.67%
- Veröffentlicht 10.12.2008 14:00:00
- Zuletzt bearbeitet 16.06.2026 22:55:52
Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows context-dependent attackers to cause a denial of service or execute arbitrary code via a WM...
CVE-2008-5229
- EPSS 2.59%
- Veröffentlicht 25.11.2008 23:30:00
- Zuletzt bearbeitet 16.06.2026 22:59:31
Stack-based buffer overflow in Microsoft Device IO Control in iphlpapi.dll in Microsoft Windows Vista Gold and SP1 allows local users in the Network Configuration Operator group to gain privileges or cause a denial of service (system crash) via a lar...