CVE Daily
← All tags

Tag: Microsoft Windows

All CVEs associated with "Microsoft Windows". Page 114/121 • 14514 CVEs.

Subscribe CVEs: RSS for “Microsoft Windows”  ·  RSS (High+Critical only)

About “Microsoft Windows”

A curated feed of “Microsoft Windows”-related CVEs appears below. We currently track 14514 CVEs for this tag (all time). In the last 365 days, 1680 were published. Average CVSS is 7.3 (all time; 7.2 over 365d), and 66% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-416 - Use After Free, CWE-122 - Heap-based Buffer Overflow, CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition').

In our taxonomy this topic maps to a MODERATE impact class. Issues here typically affect operating system packages or kernels. Plan reboots or service restarts and coordinate rollouts across fleets. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2007-01-31
Critical

CVE-2007-0466

Telestream Flip4Mac Windows Media Components for Quicktime 2.1.0.33 allows remote attackers to execute arbitrary code via a crafted ASF_File_Properties_Object size field in a WMV file, which triggers…

CVSS: 10.0 CWE: N/A View on NVD
2007-01-30
Medium

CVE-2007-0562

Windows Explorer (explorer.exe) 6.0.2900.2180 in Microsoft Windows XP SP2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted .avi file, which trigger…

CVSS: 4.3 CWE: N/A View on NVD
2007-01-19
Medium

CVE-2007-0351

Microsoft Windows XP and Windows Server 2003 do not properly handle user logoff, which might allow local users to gain the privileges of a previous system user, possibly related to user profile unloa…

CVSS: 6.2 CWE: N/A View on NVD
2007-01-09
Critical

CVE-2007-0024

Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote…

CVSS: 9.3 CWE: N/A View on NVD
Medium

CVE-2007-0125

Kaspersky Labs Antivirus Engine 6.0 for Windows and 5.5-10 for Linux before 20070102 enter an infinite loop upon encountering an invalid NumberOfRvaAndSizes value in the Optional Windows Header of a…

CVSS: 5.0 CWE: N/A View on NVD
High

CVE-2007-0105

Stack-based buffer overflow in the CSAdmin service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary c…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2007-0108

nwgina.dll in Novell Client 4.91 SP3 for Windows 2000/XP/2003 does not delete user profiles during a Terminal Service or Citrix session, which allows remote authenticated users to invoke alternate us…

CVSS: 6.0 CWE: N/A View on NVD
Medium

CVE-2007-0111

Buffer overflow in Resco Photo Viewer for PocketPC 4.11 and 6.01, as used in mobile devices running Windows Mobile 5.0, 2003, and 2003SE, allows remote attackers to execute arbitrary code via a craft…

CVSS: 6.8 CWE: N/A View on NVD
2007-01-05
Medium

CVE-2007-0084

Buffer overflow in the Windows NT Message Compiler (MC) 1.00.5239 on Microsoft Windows XP allows local users to gain privileges via a long MC-filename. NOTE: this issue has been disputed by a reliab…

CVSS: 6.6 CWE: N/A View on NVD
2007-01-03
Medium

CVE-2007-0045

Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x befo…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2006-12-31
High

CVE-2006-4097

Multiple unspecified vulnerabilities in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allow remote attackers to cause a de…

CVSS: 7.8 CWE: N/A View on NVD
Critical

CVE-2006-4098

Stack-based buffer overflow in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2006-6853

Buffer overflow in Durian Web Application Server 3.02 freeware on Windows allows remote attackers to execute arbitrary code via a long string in a crafted packet to TCP port 4002.

CVSS: 10.0 CWE: N/A View on NVD
Medium

CVE-2006-6897

Directory traversal vulnerability in Widcomm Bluetooth for Windows (BTW) 3.0.1.905 allows remote attackers to conduct unauthorized file operations via a .. (dot dot) in an unspecified parameter.

CVSS: 5.4 CWE: N/A View on NVD
High

CVE-2006-6898

Widcomm Bluetooth for Windows (BTW) before 4.0.1.1500 allows remote attackers to listen to and record conversations, aka the CarWhisperer attack.

CVSS: 7.8 CWE: N/A View on NVD
Critical

CVE-2006-6901

Unspecified vulnerability in the Bluetooth stack in Microsoft Windows allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors.

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2006-6902

Unspecified vulnerability in the Bluetooth stack in Microsoft Windows Mobile Pocket PC edition allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors.

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2006-6908

Buffer overflow in the Bluetooth Stack COM Server in the Widcomm Bluetooth stack, as packaged as Widcomm Stack 3.x and earlier on Windows, Widcomm BTStackServer 1.4.2.10 and 1.3.2.7 on Windows, Widco…

CVSS: 10.0 CWE: N/A View on NVD
2006-12-28
Medium

CVE-2006-6797

The Client Server Run-Time Subsystem (CSRSS) in Microsoft Windows allows local users to cause a denial of service (crash) or read arbitrary memory from csrss.exe via crafted arguments to the NtRaiseH…

CVSS: 6.6 CWE: N/A View on NVD
2006-12-27
Medium

CVE-2006-6753

Event Viewer (eventvwr.exe) in Microsoft Windows does not properly display log data that contains '%' (percent) characters, which might make it impossible to use Event Viewer to determine the actual…

CVSS: 4.1 CWE: N/A View on NVD
2006-12-26
High

CVE-2006-6723

The Workstation service in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to cause a denial of service (memory consumption) via a large maxlen value in an NetrWkstaUserEnum RPC request.

CVSS: 7.8 CWE: CWE-399 View on NVD
2006-12-23
Critical

CVE-2006-6713

Buffer overflow in Hitachi Directory Server 2 P-2444-A124 before 02-11-/K on Windows, and P-1B44-A121 before 02-10-/V on HP-UX, allows remote attackers to execute arbitrary code via crafted LDAP requ…

CVSS: 10.0 CWE: N/A View on NVD
High

CVE-2006-6714

Multiple memory leaks in Hitachi Directory Server 2 P-2444-A124 before 02-11-/K on Windows, and P-1B44-A121 before 02-10-/V on HP-UX, allow remote attackers to cause a denial of service (memory consu…

CVSS: 7.8 CWE: N/A View on NVD
2006-12-22
Medium

CVE-2006-6696

Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted d…

CVSS: 6.9 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2006-12-20
Medium

CVE-2006-6659

The Microsoft Office Outlook Recipient ActiveX control (ole32.dll) in Windows XP SP2 allows remote attackers to cause a denial of service (Internet Explorer 7 hang) via crafted HTML.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2006-6500

Heap-based buffer overflow in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to cause a denial of service (cr…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2006-12-15
Medium

CVE-2006-6601

Windows Media Player 10.00.00.4036 in Microsoft Windows XP SP2 allows user-assisted remote attackers to cause a denial of service via a .MID (MIDI) file with a malformed header chunk without any trac…

CVSS: 4.3 CWE: CWE-399 View on NVD
Medium

CVE-2006-6602

explorer.exe in Windows Explorer 6.00.2900.2180 in Microsoft Windows XP SP2 allows user-assisted remote attackers to cause a denial of service via a crafted WMV file.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-6579

Microsoft Windows XP has weak permissions (FILE_WRITE_DATA and FILE_READ_DATA for Everyone) for %WINDIR%\pchealth\ERRORREP\QHEADLES, which allows local users to write and read files in this folder, a…

CVSS: 4.4 CWE: N/A View on NVD
2006-12-13
Medium

CVE-2006-2386

Unspecified vulnerability in Microsoft Outlook Express 6 and earlier allows remote attackers to execute arbitrary code via a crafted contact record in a Windows Address Book (WAB) file.

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2006-4702

Buffer overflow in the Windows Media Format Runtime in Microsoft Windows Media Player (WMP) 6.4 and Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code…

CVSS: 6.8 CWE: N/A View on NVD
High

CVE-2006-5584

The Remote Installation Service (RIS) in Microsoft Windows 2000 SP4 uses a TFTP server that allows anonymous access, which allows remote attackers to upload and overwrite arbitrary files to gain priv…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2006-5585

The Client-Server Run-time Subsystem in Microsoft Windows XP SP2 and Server 2003 allows local users to gain privileges via a crafted file manifest within an application, aka "File Manifest Corruption…

CVSS: 7.2 CWE: CWE-264 View on NVD
2006-12-12
Critical

CVE-2006-5583

Buffer overflow in the SNMP Service in Microsoft Windows 2000 SP4, XP SP2, Server 2003, Server 2003 SP1, and possibly other versions allows remote attackers to execute arbitrary code via a crafted SN…

CVSS: 10.0 CWE: N/A View on NVD
2006-12-11
High

CVE-2006-6458

The Trend Micro scan engine before 8.320 for Windows and before 8.150 on HP-UX and AIX, as used in Trend Micro PC Cillin - Internet Security 2006, Office Scan 7.3, and Server Protect 5.58, allows rem…

CVSS: 7.8 CWE: N/A View on NVD
2006-12-10
Critical

CVE-2006-6443

Buffer overflow in the Novell Distributed Print Services (NDPS) Print Provider for Windows component (NDPPNT.DLL) in Novell Client 4.91 has unknown impact and remote attack vectors.

CVSS: 10.0 CWE: N/A View on NVD
2006-12-08
Medium

CVE-2006-6334

Heap-based buffer overflow in the SendChannelData function in wfica.ocx in Citrix Presentation Server Client before 9.230 for Windows allows remote malicious web sites to execute arbitrary code via a…

CVSS: 6.8 CWE: N/A View on NVD
2006-12-06
Medium

CVE-2006-6308

Symantec LiveState 7.1 Agent for Windows allows local users to gain privileges by stopping the shstart.exe process and open "Web Self-Service" from the system tray icon, which will open a browser win…

CVSS: 4.3 CWE: N/A View on NVD
2006-12-05
Medium

CVE-2006-6296

The RpcGetPrinterData function in the Print Spooler (spoolsv.exe) service in Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial…

CVSS: 6.1 CWE: CWE-399 View on NVD
Medium

CVE-2006-6307

srvloc.sys in Novell Client for Windows before 4.91 SP3 allows remote attackers to cause an unspecified denial of service via a crafted packet to port 427 that triggers an access of pageable or inval…

CVSS: 5.0 CWE: N/A View on NVD
2006-12-04
Medium

CVE-2006-6252

Microsoft Windows Live Messenger 8.0 and earlier, when gestual emoticons are enabled, allows remote attackers to cause a denial of service (CPU consumption) via a long string composed of ":D" sequenc…

CVSS: 4.3 CWE: N/A View on NVD
2006-11-28
High

CVE-2006-6134

Heap-based buffer overflow in the WMCheckURLScheme function in WMVCORE.DLL in Microsoft Windows Media Player (WMP) 10.00.00.4036 on Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote atta…

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2006-11-20
Medium

CVE-2006-5988

Unspecified vulnerability in Windows 2000 Advanced Server SP4 running Active Directory allows remote attackers to cause a denial of service via unknown vectors, as demonstrated by a certain VulnDisco…

CVSS: 5.0 CWE: N/A View on NVD
2006-11-17
High

CVE-2006-5961

Buffer overflow in Mercury Mail Transport System 4.01b for Windows has unknown impact and attack vectors, as originally reported in a GLEG VulnDisco pack. NOTE: the provenance of this information is…

CVSS: 7.5 CWE: N/A View on NVD
2006-11-14
High

CVE-2006-4688

Buffer overflow in Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via crafted messages, aka "Clie…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2006-4689

Unspecified vulnerability in the driver for the Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to cause a denial of service…

CVSS: 5.0 CWE: N/A View on NVD
High

CVE-2006-3445

Integer overflow in the ReadWideString function in agentdpv.dll in Microsoft Agent on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code v…

CVSS: 7.5 CWE: CWE-189 View on NVD
Critical

CVE-2006-4691

Stack-based buffer overflow in the NetpManageIPCConnect function in the Workstation service (wkssvc.dll) in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to execute arbitrary code via…

CVSS: 10.0 CWE: N/A View on NVD
2006-11-10
High

CVE-2006-5850

Stack-based buffer overflow in Essentia Web Server 2.15 for Windows allows remote attackers to execute arbitrary code via a long URI, as demonstrated by a GET or HEAD request. NOTE: some of these de…

CVSS: 7.5 CWE: N/A View on NVD
2006-11-06
High

CVE-2006-5758

The Graphics Rendering Engine in Microsoft Windows 2000 through 2000 SP4 and Windows XP through SP2 maps GDI Kernel structures on a global shared memory section that is mapped with read-only permissi…

CVSS: 7.2 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2006-5745

Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote…

CVSS: 7.6 CWE: N/A View on NVD
2006-10-31
Low

CVE-2006-5614

Microsoft Windows NAT Helper Components (ipnathlp.dll) on Windows XP SP2, when Internet Connection Sharing is enabled, allows remote attackers to cause a denial of service (svchost.exe crash) via a m…

CVSS: 2.6 CWE: N/A View on NVD
2006-10-23
High

CVE-2006-5448

The drmstor.dll ActiveX object in Microsoft Windows Digital Rights Management System (DRM) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long…

CVSS: 7.5 CWE: N/A View on NVD
2006-10-17
Medium

CVE-2006-5330

CRLF injection vulnerability in Adobe Flash Player plugin 9.0.16 and earlier for Windows, 7.0.63 and earlier for Linux, 7.x before 7.0 r67 for Solaris, and before 9.0.28.0 for Mac OS X, allows remote…

CVSS: 5.0 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2006-10-10
Medium

CVE-2006-4692

Argument injection vulnerability in the Windows Object Packager (packager.exe) in Microsoft Windows XP SP1 and SP2 and Server 2003 SP1 and earlier allows remote user-assisted attackers to execute arb…

CVSS: 5.1 CWE: CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') View on NVD
Critical

CVE-2006-4696

Unspecified vulnerability in the Server service in Microsoft Windows 2000 SP4, Server 2003 SP1 and earlier, and XP SP2 and earlier allows remote attackers to execute arbitrary code via a crafted pack…

CVSS: 9.0 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2006-5143

Multiple buffer overflows in CA BrightStor ARCserve Backup r11.5 SP1 and earlier, r11.1, and 9.01; BrightStor ARCserve Backup for Windows r11; BrightStor Enterprise Backup 10.5; Server Protection Sui…

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2006-09-27
Medium

CVE-2006-5028

Directory traversal vulnerability in filemanager/filemanager.php in SWsoft Plesk 7.5 Reload and Plesk 7.6 for Microsoft Windows allows remote attackers to list arbitrary directories via a ../ (dot do…

CVSS: 5.0 CWE: N/A View on NVD
2006-09-26
Medium

CVE-2006-4994

Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP a…

CVSS: 4.6 CWE: N/A View on NVD
Medium

CVE-2006-4981

Symantec Sygate NAC allows physically proximate attackers to bypass control methods and join a local network by selecting a forged MAC address associated with an exception rule that (1) permits all n…

CVSS: 4.6 CWE: N/A View on NVD
2006-09-22
Medium

CVE-2006-4899

The ePPIServlet script in Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, when running on Windows, allows remote attackers to obtain the web server path via a "'" (s…

CVSS: 5.0 CWE: N/A View on NVD
2006-09-19
Critical

CVE-2006-4868

Stack-based buffer overflow in the Vector Graphics Rendering engine (vgx.dll), as used in Microsoft Outlook and Internet Explorer 6.0 on Windows XP SP2, and possibly other versions, allows remote att…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2006-09-14
High

CVE-2006-4777

Heap-based buffer overflow in the DirectAnimation Path Control (DirectAnimation.PathControl) COM object (daxctle.ocx) for Internet Explorer 6.0 SP1, on Chinese and possibly other Windows distribution…

CVSS: 7.6 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2006-09-12
Medium

CVE-2006-0032

Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbi…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2006-3442

Unspecified vulnerability in Pragmatic General Multicast (PGM) in Microsoft Windows XP SP2 and earlier allows remote attackers to execute arbitrary code via a crafted multicast message.

CVSS: 7.6 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2006-3873

Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060912, allows remote attackers to cause a denial o…

CVSS: 7.5 CWE: N/A View on NVD
2006-09-07
High

CVE-2006-4613

Multiple unspecified vulnerabilities in SnapGear before 3.1.4u1 allow remote attackers to cause a denial of service via unspecified vectors involving (1) IPSec replay windows and (2) the use of vulne…

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2006-4614

PDAapps Verichat for Pocket PC 1.30bh stores usernames and passwords in plaintext in the Windows Mobile registry, which allows local users to obtain sensitive information via keys under \HKEY_CURRENT…

CVSS: 4.9 CWE: N/A View on NVD
2006-09-06
High

CVE-2006-4560

Internet Explorer 6 on Windows XP SP2 allows remote attackers to execute arbitrary JavaScript in the context of the browser's session with an arbitrary intranet web server, by hosting script on an In…

CVSS: 7.5 CWE: N/A View on NVD
2006-08-31
Medium

CVE-2006-4492

Unspecified vulnerability in Cybozu Office 6.5 Build 1.2 for Windows allows remote attackers to obtain sensitive information, including users and groups, via unspecified vectors.

CVSS: 5.0 CWE: N/A View on NVD
High

CVE-2006-4495

Microsoft Internet Explorer allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Windows 2000 ActiveX COM Objects incl…

CVSS: 7.5 CWE: N/A View on NVD
2006-08-29
Medium

CVE-2006-4444

Multiple SQL injection vulnerabilities in Cybozu Garoon 2.1.0 for Windows allow remote authenticated users to execute arbitrary SQL commands via the (1) tid parameter in the (a) todo/view (aka TODO L…

CVSS: 6.5 CWE: N/A View on NVD
2006-08-27
Medium

CVE-2006-4359

Stack-based buffer overflow in Trident Software PowerZip 7.06 Build 3895 on Windows 2000 allows remote attackers to execute arbitrary code via a ZIP archive containing a long filename.

CVSS: 5.1 CWE: N/A View on NVD
2006-08-24
Medium

CVE-2006-4332

Unspecified vulnerability in the DHCP dissector in Wireshark (formerly Ethereal) 0.10.13 through 0.99.2, when run on Windows, allows remote attackers to cause a denial of service (crash) via unspecif…

CVSS: 5.0 CWE: N/A View on NVD
2006-08-23
High

CVE-2006-4315

Unquoted Windows search path vulnerability in multiple SSH Tectia products, including Client/Server/Connector 5.0.0 and 5.0.1 and Client/Server before 4.4.5, and Manager 2.12 and earlier, when runnin…

CVSS: 7.2 CWE: N/A View on NVD
Critical

CVE-2006-4309

VNC server on the AK-Systems Windows Terminal 1.2.5 ExVLP is not password protected, which allows remote attackers to login and view RDP or Citrix sessions.

CVSS: 10.0 CWE: N/A View on NVD
High

CVE-2006-3869

Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060824, allows remote attackers to cause a denial o…

CVSS: 7.5 CWE: N/A View on NVD
2006-08-21
Medium

CVE-2006-4258

Absolute path traversal vulnerability in the get functionality in Anti-Spam SMTP Proxy (ASSP) allows remote authenticated users to read arbitrary files via (1) C:\ (Windows drive letter), (2) UNC, an…

CVSS: 4.0 CWE: N/A View on NVD
2006-08-18
High

CVE-2006-4219

The Terminal Services COM object (tsuserex.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by instantiating it as an ActiveX object in Internet E…

CVSS: 7.5 CWE: N/A View on NVD
2006-08-17
High

CVE-2006-3854

Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.TC7, 9.40.TC8, 10.00.TC4, and 10.00.TC5, when running on Windows, allows remote attackers to execute arbitrary code via a long username, whic…

CVSS: 7.5 CWE: N/A View on NVD
2006-08-14
Medium

CVE-2006-4128

Multiple heap-based buffer overflows in Symantec VERITAS Backup Exec for Netware Server Remote Agent for Windows Server 9.1 and 9.2 (all builds), Backup Exec Continuous Protection Server Remote Agent…

CVSS: 6.5 CWE: N/A View on NVD
High

CVE-2006-4138

Multiple unspecified vulnerabilities in Microsoft Windows Help File viewer (winhlp32.exe) allow user-assisted attackers to execute arbitrary code via crafted HLP files.

CVSS: 7.6 CWE: N/A View on NVD
Medium

CVE-2006-4110

Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive…

CVSS: 4.3 CWE: N/A View on NVD
2006-08-10
Low

CVE-2006-4071

Sign extension vulnerability in the createBrushIndirect function in the GDI library (gdi32.dll) in Microsoft Windows XP, Server 2003, and possibly other versions, allows user-assisted attackers to ca…

CVSS: 2.6 CWE: N/A View on NVD
Low

CVE-2006-4066

The Graphical Device Interface Plus library (gdiplus.dll) in Microsoft Windows XP SP2 allows context-dependent attackers to cause a denial of service (application crash) via certain images that trigg…

CVSS: 2.6 CWE: N/A View on NVD
2006-08-09
High

CVE-2006-4046

Multiple stack-based buffer overflows in Open Cubic Player 2.6.0pre6 and earlier for Windows, and 0.1.10_rc5 and earlier on Linux/BSD, allow remote attackers to execute arbitrary code via (1) a large…

CVSS: 7.5 CWE: N/A View on NVD
Critical

CVE-2006-3439

Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RP…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2006-3440

Buffer overflow in the Winsock API in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka "Winsock Hostname Vuln…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2006-3441

Buffer overflow in the DNS Client service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted record response. NOTE: wh…

CVSS: 10.0 CWE: N/A View on NVD
High

CVE-2006-3443

Untrusted search path vulnerability in Winlogon in Microsoft Windows 2000 SP4, when SafeDllSearchMode is disabled, allows local users to gain privileges via a malicious DLL in the UserProfile directo…

CVSS: 7.2 CWE: CWE-264 View on NVD
High

CVE-2006-3648

Unspecified vulnerability in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 and 2003 SP1, allows remote attackers to execute arbitrary code via unspecified vectors involving unhandled except…

CVSS: 7.6 CWE: N/A View on NVD
High

CVE-2006-3444

Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, probably a buffer overflow, allows local users to obtain privileges via unspecified vectors involving an "unchecked buffer."

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2006-3643

Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and 6 in Microsoft Windows 2000 SP4 permits access to local "HTML-embedded resource files" in the Microsoft Management Console (MMC)…

CVSS: 6.0 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2006-08-08
Medium

CVE-2006-3853

Buffer overflow in IBM Informix Dynamic Server (IDS) before 9.40.TC7 and 10.00 before 10.00.TC3, when running on Windows, allows remote attackers to execute arbitrary code via a long username.

CVSS: 5.1 CWE: N/A View on NVD
2006-08-05
Medium

CVE-2006-3992

Unspecified vulnerability in the Centrino (1) w22n50.sys, (2) w22n51.sys, (3) w29n50.sys, and (4) w29n51.sys Microsoft Windows drivers for Intel 2200BG and 2915ABG PRO/Wireless Network Connection bef…

CVSS: 5.1 CWE: N/A View on NVD
2006-07-31
High

CVE-2006-3942

The server driver (srv.sys) in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (system crash) via an SMB_COM_TRANSACTION SMB message that cont…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
Low

CVE-2006-3943

Stack-based buffer overflow in NDFXArtEffects in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via long (1) RGBExtraColor, (2) RGBForeCo…

CVSS: 2.6 CWE: N/A View on NVD
Medium

CVE-2006-3944

Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via a (1) Forms.ListBox.1 or (2) Forms.ListBox.1 object with the ListWidth property set to…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2006-3945

The CSS functionality in Opera 9 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by setting the background property of a DHTML element to a long http or https URL, whic…

CVSS: 5.0 CWE: CWE-787 - Out-of-bounds Write View on NVD
2006-07-28
Low

CVE-2006-3675

Password Safe 2.11, 2.16 and 3.0BETA1 does not respect the configuration settings for locking the password database when certain dialogue windows are open, which might allow attackers with physical a…

CVSS: 2.1 CWE: N/A View on NVD
Medium

CVE-2006-3910

Internet Explorer 6 on Windows XP SP2, when Outlook is installed, allows remote attackers to cause a denial of service (crash) by calling the NewDefaultItem function of an OVCtl (OVCtl.OVCtl.1) Activ…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2006-3915

Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by iterating over any native function, as demonstrated with the window.alert function, whi…

CVSS: 5.0 CWE: N/A View on NVD
2006-07-27
Medium

CVE-2006-3897

Stack overflow in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (application crash) by creating an NMSA.ASFSourceMediaDescription.1 ActiveX object…

CVSS: 5.0 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2006-3898

Microsoft Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to cause a denial of service (application crash) by calling the Click method of the Internet.HHCtrl.1 ActiveX object before i…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2006-3899

Microsoft Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to cause a denial of service (application crash) by calling the stringToBinary function of the CEnroll.CEnroll.2 ActiveX obje…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2006-3880

Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Small Business Server 2003 allow remote attackers to cause a denial of service (IP stack hang) via a continuous stream of packets on TC…

CVSS: 5.0 CWE: N/A View on NVD
2006-07-24
Medium

CVE-2006-3779

Citrix MetaFrame up to XP 1.0 Feature 1, except when running on Windows Server 2003, installs a registry key with an insecure ACL, which allows remote authenticated users to gain privileges.

CVSS: 6.5 CWE: N/A View on NVD
2006-07-21
High

CVE-2006-3730

Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a 0x7fffffff argument to the setSlice m…

CVSS: 8.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
Medium

CVE-2006-0817

Absolute path directory traversal vulnerability in (a) MERAK Mail Server for Windows 8.3.8r with before IceWarp Web Mail 5.6.1 and (b) VisNetic MailServer before 8.5.0.5 allows remote attackers to in…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2006-0818

Absolute path directory traversal vulnerability in (1) MERAK Mail Server for Windows 8.3.8r with before IceWarp Web Mail 5.6.1 and (2) VisNetic MailServer before 8.5.0.5 allows remote authenticated u…

CVSS: 4.0 CWE: N/A View on NVD
High

CVE-2006-3697

Agnitum Outpost Firewall Pro 3.51.759.6511 (462), as used in (1) Lavasoft Personal Firewall 1.0.543.5722 (433) and (2) Novell BorderManager Novell Client Firewall 2.0, does not properly restrict user…

CVSS: 7.2 CWE: CWE-264 View on NVD
Low

CVE-2006-3729

DataSourceControl in Internet Explorer 6 on Windows XP SP2 with Office installed allows remote attackers to cause a denial of service (crash) via a large negative integer argument to the getDataMembe…

CVSS: 2.6 CWE: N/A View on NVD
2006-07-11
Low

CVE-2006-3510

The Remote Data Service Object (RDS.DataControl) in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (crash) via a series of operations that result i…

CVSS: 2.6 CWE: N/A View on NVD
Medium

CVE-2006-3511

Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by setting the fonts property of the HtmlDlgSafeHelper object, which triggers a null dereference.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2006-3512

Internet Explorer 6 on Windows XP allows remote attackers to cause a denial of service (crash) by setting the Enabled property of a DXTFilter ActiveX object to true, which triggers a null dereference.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2006-1300

Microsoft .NET framework 2.0 (ASP.NET) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to bypass access restrictions via unspecified "URL paths" that…

CVSS: 5.0 CWE: N/A View on NVD
High

CVE-2006-1314

Heap-based buffer overflow in the Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to execute arbitrar…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2006-1315

The Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to obtain sensitive information via crafted reque…

CVSS: 5.0 CWE: N/A View on NVD
Critical

CVE-2006-2372

Buffer overflow in the DHCP Client service for Microsoft Windows 2000 SP4, Windows XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a crafted DHCP respo…

CVSS: 10.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2006-07-10
Medium

CVE-2006-3488

Absolute path traversal vulnerability in administrador.asp in VirtuaStore 2.0 allows remote attackers to possibly read arbitrary directories or files via an absolute path with Windows drive letter in…

CVSS: 5.0 CWE: N/A View on NVD