Filtered by vendor Microsoft
Subscriptions
Filtered by product Windows Xp
Subscriptions
Total
1352 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-1591 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more | 2025-04-03 | N/A |
| Heap-based buffer overflow in Microsoft Windows Help winhlp32.exe allows user-assisted attackers to execute arbitrary code via crafted embedded image data in a .hlp file. | ||||
| CVE-2004-1306 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more | 2025-04-03 | N/A |
| Heap-based buffer overflow in winhlp32.exe in Windows NT, Windows 2000 through SP4, Windows XP through SP2, and Windows 2003 allows remote attackers to execute arbitrary code via a crafted .hlp file. | ||||
| CVE-2005-0063 | 1 Microsoft | 6 Windows 2000, Windows 2003 Server, Windows 98 and 3 more | 2025-04-03 | N/A |
| The document processing application used by the Windows Shell in Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by modifying the CLSID stored in a file so that it is processed by HTML Application Host (MSHTA), as demonstrated using a Microsoft Word document. | ||||
| CVE-2002-0694 | 1 Microsoft | 7 Windows 2000, Windows 2000 Terminal Services, Windows 98 and 4 more | 2025-04-03 | N/A |
| The HTML Help facility in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP uses the Local Computer Security Zone when opening .chm files from the Temporary Internet Files folder, which allows remote attackers to execute arbitrary code via HTML mail that references or inserts a malicious .chm file containing shortcuts that can be executed, aka "Code Execution via Compiled HTML Help File." | ||||
| CVE-2006-3511 | 1 Microsoft | 2 Internet Explorer, Windows Xp | 2025-04-03 | N/A |
| Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by setting the fonts property of the HtmlDlgSafeHelper object, which triggers a null dereference. | ||||
| CVE-2004-2339 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2025-04-03 | 8.4 High |
| Microsoft Windows 2000, XP, and possibly 2003 allows local users with the SeDebugPrivilege privilege to execute arbitrary code as kernel and read or write kernel memory via the NtSystemDebugControl function, which does not verify its pointer arguments. Note: this issue has been disputed, since Administrator privileges are typically required to exploit this issue, thus privilege boundaries are not crossed | ||||
| CVE-2006-4066 | 1 Microsoft | 1 Windows Xp | 2025-04-03 | N/A |
| The Graphical Device Interface Plus library (gdiplus.dll) in Microsoft Windows XP SP2 allows context-dependent attackers to cause a denial of service (application crash) via certain images that trigger a divide-by-zero error, as demonstrated by a (1) .ico file, (2) .png file that crashes MSN Messenger, and (3) .jpg file that crashes Internet Explorer. NOTE: another researcher has not been able to reproduce this issue. | ||||
| CVE-2005-0545 | 1 Microsoft | 2 Windows 2000, Windows Xp | 2025-04-03 | N/A |
| Microsoft Windows XP Pro SP2 and Windows 2000 Server SP4 running Active Directory allow local users to bypass group policies that restrict access to hidden drives by using the browse feature in Office 10 applications such as Word or Excel, or using a flash drive. NOTE: this issue has been disputed in a followup post. | ||||
| CVE-2005-4360 | 1 Microsoft | 2 Internet Information Services, Windows Xp | 2025-04-03 | N/A |
| The URL parser in Microsoft Internet Information Services (IIS) 5.1 on Windows XP Professional SP2 allows remote attackers to execute arbitrary code via multiple requests to ".dll" followed by arguments such as "~0" through "~9", which causes ntdll.dll to produce a return value that is not correctly handled by IIS, as demonstrated using "/_vti_bin/.dll/*/~0". NOTE: the consequence was originally believed to be only a denial of service (application crash and reboot). | ||||
| CVE-2006-0034 | 1 Microsoft | 5 Distributed Transaction Coordinator, Windows 2000, Windows 2003 Server and 2 more | 2025-04-03 | N/A |
| Heap-based buffer overflow in the CRpcIoManagerServer::BuildContext function in msdtcprx.dll for Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0 and Windows 2000 SP2 and SP3 allows remote attackers to execute arbitrary code via a long fifth argument to the BuildContextW or BuildContext opcode, which triggers a bug in the NdrAllocate function, aka the MSDTC Invalid Memory Access Vulnerability. | ||||
| CVE-2005-4696 | 1 Microsoft | 1 Windows Xp | 2025-04-03 | N/A |
| The Microsoft Wireless Zero Configuration system (WZCS) stores WEP keys and pair-wise Master Keys (PMK) of the WPA pre-shared key in plaintext in memory of the explorer process, which allows attackers with access to process memory to steal the keys and access the network. | ||||
| CVE-2002-1258 | 1 Microsoft | 8 Windows 2000, Windows 2000 Terminal Services, Windows 95 and 5 more | 2025-04-03 | N/A |
| Two vulnerabilities in Microsoft Virtual Machine (VM) up to and including build 5.0.3805, as used in Internet Explorer and other applications, allow remote attackers to read files via a Java applet with a spoofed location in the CODEBASE parameter in the APPLET tag, possibly due to a parsing error. | ||||
| CVE-2001-0721 | 1 Microsoft | 4 Windows 98, Windows 98se, Windows Me and 1 more | 2025-04-03 | N/A |
| Universal Plug and Play (UPnP) in Windows 98, 98SE, ME, and XP allows remote attackers to cause a denial of service (memory consumption or crash) via a malformed UPnP request. | ||||
| CVE-2002-1670 | 1 Microsoft | 2 Internet Explorer, Windows Xp | 2025-04-03 | N/A |
| Microsoft Windows XP Professional upgrade edition overwrites previously installed patches for Internet Explorer 6.0, leaving Internet Explorer unpatched. | ||||
| CVE-2004-2176 | 1 Microsoft | 1 Windows Xp | 2025-04-03 | N/A |
| The Internet Connection Firewall (ICF) in Microsoft Windows XP SP2 is configured by default to trust sessmgr.exe, which allows local users to use sessmgr.exe to create a local listening port that bypasses the ICF access controls. | ||||
| CVE-2006-2218 | 1 Microsoft | 2 Internet Explorer, Windows Xp | 2025-04-03 | N/A |
| Unspecified vulnerability in Internet Explorer 6.0 on Microsoft Windows XP SP2 allows remote attackers to execute arbitrary code via "exceptional conditions" that trigger memory corruption, as demonstrated using an exception handler and nested object tags, a variant of CVE-2006-1992. | ||||
| CVE-2005-1214 | 1 Microsoft | 7 Windows 2000, Windows 2000 Terminal Services, Windows 2003 Server and 4 more | 2025-04-03 | N/A |
| Microsoft Agent allows remote attackers to spoof trusted Internet content and execute arbitrary code by disguising security prompts on a malicious Web page. | ||||
| CVE-2001-1200 | 1 Microsoft | 1 Windows Xp | 2025-04-03 | N/A |
| Microsoft Windows XP allows local users to bypass a locked screen and run certain programs that are associated with Hot Keys. | ||||
| CVE-2006-4071 | 1 Microsoft | 2 Windows 2003 Server, Windows Xp | 2025-04-03 | N/A |
| Sign extension vulnerability in the createBrushIndirect function in the GDI library (gdi32.dll) in Microsoft Windows XP, Server 2003, and possibly other versions, allows user-assisted attackers to cause a denial of service (application crash) via a crafted WMF file. | ||||
| CVE-2006-1313 | 1 Microsoft | 6 Windows 2000, Windows 2003 Server, Windows 98 and 3 more | 2025-04-03 | N/A |
| Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will "release objects early" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary code. | ||||