CVE-2007-0843
- EPSS 0.39%
- Published 23.02.2007 02:28:00
- Last modified 09.04.2025 00:30:58
The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a directory with LIST (READ) access and using ReadDir...
CVE-2006-1311
- EPSS 73.65%
- Published 13.02.2007 20:28:00
- Last modified 09.04.2025 00:30:58
The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1; Office 2000 SP3, XP SP3, 2003 SP2, and Office 2004 for Mac; and Learning Essentials for Microsoft Office 1.0, 1.1, and 1.5 allows user-assisted remote attackers to execute ar...
CVE-2007-0026
- EPSS 52.41%
- Published 13.02.2007 20:28:00
- Last modified 09.04.2025 00:30:58
The OLE Dialog component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption.
CVE-2007-0210
- EPSS 1.94%
- Published 13.02.2007 20:28:00
- Last modified 09.04.2025 00:30:58
The Windows Image Acquisition (WIA) Service in Microsoft Windows XP SP2 allows local users to gain privileges via unspecified vectors involving an "unchecked buffer," probably a buffer overflow.
CVE-2007-0211
- EPSS 2.35%
- Published 13.02.2007 20:28:00
- Last modified 09.04.2025 00:30:58
The hardware detection functionality in the Windows Shell in Microsoft Windows XP SP2 and Professional, and Server 2003 SP1 allows local users to gain privileges via an unvalidated parameter to a function related to the "detection and registration of...
CVE-2007-0214
- EPSS 62.47%
- Published 13.02.2007 20:28:00
- Last modified 09.04.2025 00:30:58
The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2 and Professional, 2003 SP1 allows remote attackers to execute arbitrary code via unspecified functions, related to uninitialized parameters.
CVE-2006-6797
- EPSS 1.25%
- Published 28.12.2006 15:28:00
- Last modified 09.04.2025 00:30:58
The Client Server Run-Time Subsystem (CSRSS) in Microsoft Windows allows local users to cause a denial of service (crash) or read arbitrary memory from csrss.exe via crafted arguments to the NtRaiseHardError function with status 0x50000018, a differe...
CVE-2006-6723
- EPSS 57.16%
- Published 26.12.2006 20:28:00
- Last modified 09.04.2025 00:30:58
The Workstation service in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to cause a denial of service (memory consumption) via a large maxlen value in a NetrWkstaUserEnum RPC request.
CVE-2006-6696
- EPSS 7.48%
- Published 22.12.2006 02:28:00
- Last modified 09.04.2025 00:30:58
Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted data, which sends a HardError message to Client/Serv...
- EPSS 22.97%
- Published 20.12.2006 02:28:00
- Last modified 09.04.2025 00:30:58
The Microsoft Office Outlook Recipient ActiveX control (ole32.dll) in Windows XP SP2 allows remote attackers to cause a denial of service (Internet Explorer 7 hang) via crafted HTML.