| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross-domain vulnerability in Microsoft XML Core Services 3.0 and 4.0, as used in Internet Explorer, allows remote attackers to obtain sensitive information from another domain via a crafted XML document, related to improper error checks for external DTDs, aka "MSXML DTD Cross-Domain Scripting Vulnerability." |
| The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2 and Professional, 2003 SP1 allows remote attackers to execute arbitrary code via unspecified functions, related to uninitialized parameters. |
| The Message Queuing (aka MSMQ) service for Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP2, and Vista Gold does not properly validate unspecified IOCTL request data from user mode before passing this data to kernel mode, which allows local users to gain privileges via a crafted request, aka "MSMQ Null Pointer Vulnerability." |
| NWFILTER.SYS in Novell Client 4.91 SP 1 through SP 4 for Windows 2000, XP, and Server 2003 makes the \.\nwfilter device available for arbitrary user-mode input via METHOD_NEITHER IOCTLs, which allows local users to gain privileges by passing a kernel address as an argument and overwriting kernel memory locations. |
| Microsoft Internet Explorer 5.01 SP4; 6 SP1; 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not prevent HTML rendering of cached content, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Cross-Domain Information Disclosure Vulnerability." |
| Integer overflow in the text converters in Microsoft Office Word 2002 SP3 and 2003 SP3; Works 8.5; Office Converter Pack; and WordPad in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a DOC file with an invalid number of property names in the DocumentSummaryInformation stream, which triggers a heap-based buffer overflow. |
| Integer overflow in the ReadWideString function in agentdpv.dll in Microsoft Agent on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a large length value in an .ACF file, which results in a heap-based buffer overflow. |
| Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that makes system calls within multiple threads, aka "Windows Kernel Unhandled Exception Vulnerability." NOTE: according to Microsoft, this is not a duplicate of CVE-2008-4510. |
| Heap-based buffer overflow in the InternalOpenColorProfile function in mscms.dll in Microsoft Windows Image Color Management System (MSCMS) in the Image Color Management (ICM) component on Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted image file. |
| The Embedded OpenType (EOT) Font Engine (T2EMBED.DLL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table in a data record that triggers an integer truncation and a heap-based buffer overflow, aka "Embedded OpenType Font Heap Overflow Vulnerability." |
| Unspecified vulnerability in Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows local users to gain privileges via a crafted local procedure call (LPC) request. |
| The CryptGenRandom function in Microsoft Windows 2000 generates predictable values, which makes it easier for context-dependent attackers to reduce the effectiveness of cryptographic mechanisms, as demonstrated by attacks on (1) forward security and (2) backward security, related to use of eight instances of the RC4 cipher, and possibly a related issue to CVE-2007-3898. |
| Unspecified vulnerability in Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code via a crafted Cascading Style Sheets (CSS) tag that triggers memory corruption. |
| Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft Jet Database Engine allows remote attackers to execute arbitrary code via a crafted Word file, as exploited in the wild in March 2008. NOTE: as of 20080513, Microsoft has stated that this is the same issue as CVE-2007-6026. |
| Heap-based buffer overflow in Object Linking and Embedding (OLE) Automation in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, Office 2004 for Mac, and Visual basic 6.0 SP6 allows remote attackers to execute arbitrary code via a crafted script request. |
| The WINS server in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 does not restrict registration of the (1) "wpad" and (2) "isatap" NetBIOS names, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) and Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) features, and conduct man-in-the-middle attacks by spoofing a proxy server or ISATAP route, by registering one of these names in the WINS database, aka "WPAD WINS Server Registration Vulnerability," a related issue to CVE-2007-1692. |
| Unspecified vulnerability in Windows 2000 Advanced Server SP4 running Active Directory allows remote attackers to cause a denial of service via unknown vectors, as demonstrated by a certain VulnDisco Pack module. NOTE: the provenance of this information is unknown; the details are obtained from third party information. As of 20061116, this disclosure has no actionable information. However, since the VulnDisco Pack author is a reliable researcher, the disclosure is being assigned a CVE identifier for tracking purposes. |
| The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 does not properly cache crafted DNS responses, which makes it easier for remote attackers to predict transaction IDs and poison caches by sending many crafted DNS queries that trigger "unnecessary lookups," aka "DNS Server Response Validation Vulnerability." |
| The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 does not properly manage state information, which allows remote attackers to execute arbitrary code by sending packets to a listening service, and thereby triggering misinterpretation of an unspecified field as a function pointer, aka "TCP/IP Timestamps Code Execution Vulnerability." |
| Microsoft Internet Explorer 6.0.2900 SP2 and earlier allows remote attackers to cause a denial of service (crash) via a table element with a CSS attribute that sets the position, which triggers an "unhandled exception" in mshtml.dll. |
