CVE-2010-0027
- EPSS 33.99%
- Veröffentlicht 22.01.2010 22:00:00
- Zuletzt bearbeitet 16.06.2026 23:15:16
The URL validation functionality in Microsoft Internet Explorer 5.01, 6, 6 SP1, 7 and 8, and the ShellExecute API function in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, does not properly process input parameters, which allows remote attac...
CVE-2010-0018
- EPSS 26.52%
- Veröffentlicht 13.01.2010 19:30:00
- Zuletzt bearbeitet 16.06.2026 23:15:14
Integer overflow in the Embedded OpenType (EOT) Font Engine (t2embed.dll) in Microsoft Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows re...
- EPSS 31.61%
- Veröffentlicht 09.12.2009 18:30:00
- Zuletzt bearbeitet 16.06.2026 23:09:36
The Internet Authentication Service (IAS) in Microsoft Windows Vista SP2 and Server 2008 SP2 does not properly validate MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication requests, which allows remote attackers to execute a...
CVE-2009-2508
- EPSS 1.26%
- Veröffentlicht 09.12.2009 18:30:00
- Zuletzt bearbeitet 16.06.2026 23:09:36
The single sign-on implementation in Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly remove credentials at the end of a network session, which allows physically proximate...
- EPSS 17.05%
- Veröffentlicht 09.12.2009 18:30:00
- Zuletzt bearbeitet 16.06.2026 23:09:36
Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly validate headers in HTTP requests, which allows remote authenticated users to execute arbitrary code via a crafted request...
CVE-2009-3671
- EPSS 21.04%
- Veröffentlicht 09.12.2009 18:30:00
- Zuletzt bearbeitet 16.06.2026 23:12:08
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Unini...
CVE-2009-3673
- EPSS 25.35%
- Veröffentlicht 09.12.2009 18:30:00
- Zuletzt bearbeitet 16.06.2026 23:12:08
Microsoft Internet Explorer 7 and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka ...
CVE-2009-3674
- EPSS 26.26%
- Veröffentlicht 09.12.2009 18:30:00
- Zuletzt bearbeitet 16.06.2026 23:12:08
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Unini...
- EPSS 21.82%
- Veröffentlicht 09.12.2009 18:30:00
- Zuletzt bearbeitet 16.06.2026 23:12:09
The Internet Authentication Service (IAS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly verify the credentials in an MS-CHAP v2 Protected Extensible Authentication Protocol ...
CVE-2009-3676
- EPSS 34.34%
- Veröffentlicht 13.11.2009 15:30:00
- Zuletzt bearbeitet 16.06.2026 23:12:08
The SMB client in the kernel in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to cause a denial of service (infinite loop and system hang) via a (1) SMBv1 or (2) SMBv2 response packet that co...