Skip to main content

Windows Xp

134 CVEs product

Monthly

CVE-2013-1248 MEDIUM This Month

Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Race Condition Microsoft Windows 7 Windows Server 2003 +3
NVD
CVSS 2.0
4.9
EPSS
0.5%
CVE-2013-0077 CRITICAL Emergency

Quartz.dll in DirectShow in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via crafted media content in (1) a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 53.0% and no vendor patch available.

Code Injection Microsoft RCE Windows Server 2003 Windows Server 2008 +2
NVD
CVSS 2.0
9.3
EPSS
53.0%
CVE-2013-0007 CRITICAL Act Now

Microsoft XML Core Services (aka MSXML) 4.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML XSLT. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 24.2% and no vendor patch available.

Code Injection Microsoft RCE Xml Core Services Windows 7 +13
NVD
CVSS 2.0
9.3
EPSS
24.2%
CVE-2013-0006 HIGH Act Now

Microsoft XML Core Services (aka MSXML) 3.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML Integer. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 68.3% and no vendor patch available.

Microsoft RCE Xml Core Services Windows 7 Windows 8 +12
NVD
CVSS 3.1
8.8
EPSS
68.3%
CVE-2012-4786 CRITICAL Emergency

The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 55.3% and no vendor patch available.

Code Injection Microsoft RCE Windows 7 Windows Server 2003 +3
NVD
CVSS 2.0
10.0
EPSS
55.3%
CVE-2012-4774 CRITICAL Emergency

Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 56.8% and no vendor patch available.

Code Injection Microsoft RCE Windows 7 Windows Server 2003 +3
NVD
CVSS 2.0
9.3
EPSS
56.8%
CVE-2012-2556 CRITICAL Emergency

The OpenType Font (OTF) driver in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 46.2% and no vendor patch available.

Code Injection Microsoft RCE Windows 2003 Server Windows 7 +7
NVD
CVSS 2.0
9.3
EPSS
46.2%
CVE-2012-2553 HIGH This Week

Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Microsoft Windows 7 Windows Server 2003 Windows Server 2008 +2
NVD
CVSS 2.0
7.2
EPSS
1.3%
CVE-2012-2530 HIGH This Week

Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Microsoft Windows 7 Windows Server 2003 Windows Server 2008 +2
NVD
CVSS 2.0
7.2
EPSS
2.5%
CVE-2012-1528 CRITICAL Emergency

Integer overflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 47.4% and no vendor patch available.

Buffer Overflow Microsoft Windows 7 Windows 8 Windows Server 2003 +4
NVD
CVSS 2.0
9.3
EPSS
47.4%
CVE-2012-1527 CRITICAL Emergency

Integer underflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 47.4% and no vendor patch available.

Information Disclosure Microsoft Windows 7 Windows 8 Windows Server 2003 +4
NVD
CVSS 2.0
9.3
EPSS
47.4%
CVE-2012-2529 HIGH This Week

Integer overflow in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Windows 7 Windows Server 2003 Windows Server 2008 +2
NVD
CVSS 2.0
7.2
EPSS
1.2%
CVE-2012-2897 HIGH Act Now

The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 40.9% and no vendor patch available.

Buffer Overflow Google Microsoft RCE Chrome +8
NVD
CVSS 3.1
7.8
EPSS
40.9%
CVE-2012-2527 HIGH This Week

Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Microsoft Windows 7 Windows Server 2003 Windows Server 2008 +2
NVD
CVSS 2.0
7.2
EPSS
0.9%
CVE-2012-2526 CRITICAL Emergency

The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP3 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 57.5% and no vendor patch available.

Code Injection Microsoft RCE Windows Xp
NVD
CVSS 2.0
9.3
EPSS
57.5%
CVE-2012-1853 CRITICAL Emergency

Stack-based buffer overflow in the Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP3 allows remote attackers to execute arbitrary code. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 64.4% and no vendor patch available.

Buffer Overflow Microsoft RCE Windows Xp
NVD
CVSS 2.0
10.0
EPSS
64.4%
CVE-2012-1852 CRITICAL Emergency

Heap-based buffer overflow in the Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP2 and SP3 allows remote attackers to execute arbitrary. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 64.4% and no vendor patch available.

Buffer Overflow Microsoft RCE Windows Xp
NVD
CVSS 2.0
10.0
EPSS
64.4%
CVE-2012-1851 CRITICAL Emergency

Format string vulnerability in the Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 72.5% and no vendor patch available.

Microsoft RCE Windows 7 Windows Server 2003 Windows Server 2008 +2
NVD
CVSS 2.0
10.0
EPSS
72.5%
Threat
4.2
CVE-2012-1850 MEDIUM This Month

The Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 66.1% and no vendor patch available.

Denial Of Service Microsoft Windows 7 Windows Server 2003 Windows Server 2008 +2
NVD
CVSS 2.0
5.0
EPSS
66.1%
CVE-2012-1893 HIGH This Week

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 7 Windows Server 2003 Windows Server 2008 +2
NVD
CVSS 2.0
7.2
EPSS
0.7%
CVE-2012-1890 HIGH This Week

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 7 Windows Server 2003 Windows Server 2008 +2
NVD
CVSS 2.0
7.2
EPSS
0.7%
CVE-2012-1870 MEDIUM This Month

The CBC mode in the TLS protocol, as used in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and other. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 13.8% and no vendor patch available.

Information Disclosure Microsoft Windows 7 Windows Server 2003 Windows Server 2008 +2
NVD
CVSS 2.0
4.3
EPSS
13.8%
CVE-2012-0175 HIGH Act Now

The Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 46.8% and no vendor patch available.

Code Injection Command Injection Microsoft RCE Windows 2003 Server +5
NVD
CVSS 3.1
8.8
EPSS
46.8%
CVE-2012-1868 MEDIUM This Month

Race condition in the thread-creation implementation in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3 allows local users to gain privileges via a crafted application, aka. Rated medium severity (CVSS 6.9). No vendor patch available.

Information Disclosure Race Condition Microsoft Windows Xp
NVD
CVSS 2.0
6.9
EPSS
0.6%
CVE-2012-1867 HIGH This Week

Integer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Windows 2003 Server Windows 7 Windows Server 2003 +3
NVD
CVSS 3.1
8.4
EPSS
1.0%
CVE-2012-1866 HIGH This Week

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 2003 Server Windows 7 Windows Server 2003 +3
NVD
CVSS 2.0
7.2
EPSS
0.7%
CVE-2012-1865 HIGH This Week

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 2003 Server Windows 7 Windows Server 2003 +3
NVD
CVSS 2.0
7.2
EPSS
0.9%
CVE-2012-1864 HIGH This Week

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 2003 Server Windows 7 Windows Server 2003 +3
NVD
CVSS 2.0
7.2
EPSS
1.2%
CVE-2012-0217 HIGH POC THREAT Act Now

The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 88.0%.

Citrix Intel Buffer Overflow Oracle Canonical +12
NVD Exploit-DB
CVSS 2.0
7.2
EPSS
88.0%
Threat
5.6
CVE-2012-0173 CRITICAL Emergency

The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 52.3% and no vendor patch available.

Code Injection Microsoft RCE Windows 7 Windows Server 2003 +3
NVD
CVSS 2.0
9.3
EPSS
52.3%
CVE-2012-1848 HIGH This Week

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 7 Windows Server 2003 Windows Server 2008 +2
NVD
CVSS 2.0
7.2
EPSS
1.4%
CVE-2012-0181 HIGH POC This Week

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Microsoft Windows 7 Windows Server 2003 Windows Server 2008 +2
NVD Exploit-DB
CVSS 2.0
7.2
EPSS
3.6%
CVE-2012-0180 HIGH This Week

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 7 Windows Server 2003 Windows Server 2008 +2
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2012-0159 CRITICAL Emergency

Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview; Office 2003 SP3, 2007. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 64.6% and no vendor patch available.

Microsoft RCE Office Windows 7 Windows 8 +4
NVD
CVSS 2.0
9.3
EPSS
64.6%
CVE-2012-0157 HIGH This Week

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 7 Windows Server 2003 Windows Server 2008 +2
NVD
CVSS 3.1
8.4
EPSS
1.4%
CVE-2012-0002 CRITICAL POC THREAT Emergency

The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 87.4%.

Code Injection Microsoft RCE Windows 7 Windows Server 2003 +3
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
87.4%
Threat
6.0
CVE-2012-0154 HIGH This Week

Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Microsoft Windows 7 Windows Server 2003 Windows Server 2008 +2
NVD
CVSS 2.0
7.2
EPSS
1.3%
CVE-2012-0148 HIGH This Week

afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 7 Windows Server 2003 Windows Server 2008 +2
NVD
CVSS 2.0
7.2
EPSS
1.5%
CVE-2012-0013 CRITICAL POC THREAT Emergency

Incomplete blacklist vulnerability in the Windows Packager configuration in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 86.5%.

Microsoft RCE Windows 7 Windows Server 2003 Windows Server 2008 +2
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
86.5%
Threat
6.0
CVE-2012-0009 CRITICAL Emergency

Untrusted search path vulnerability in the Windows Object Packager configuration in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 53.5% and no vendor patch available.

Information Disclosure Microsoft Windows Server 2003 Windows Xp
NVD
CVSS 2.0
9.3
EPSS
53.5%
CVE-2012-0005 MEDIUM This Month

The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2, when a Chinese, Japanese, or Korean. Rated medium severity (CVSS 6.9). No vendor patch available.

Privilege Escalation Microsoft Windows Server 2003 Windows Server 2008 Windows Vista +1
NVD
CVSS 2.0
6.9
EPSS
3.7%
CVE-2012-0004 CRITICAL Emergency

Unspecified vulnerability in DirectShow in DirectX in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 64.4% and no vendor patch available.

Microsoft RCE Windows 7 Windows Server 2003 Windows Server 2008 +2
NVD
CVSS 2.0
9.3
EPSS
64.4%
CVE-2012-0003 HIGH POC THREAT Act Now

Unspecified vulnerability in winmm.dll in Windows Multimedia Library in Windows Media Player (WMP) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 88.0%.

Microsoft RCE Windows 7 Windows Server 2003 Windows Server 2008 +2
NVD Exploit-DB
CVSS 3.1
8.1
EPSS
88.0%
Threat
5.8
CVE-2012-0001 CRITICAL Emergency

The kernel in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly load structured exception. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 51.2% and no vendor patch available.

Microsoft Authentication Bypass Windows 7 Windows Server 2003 Windows Server 2008 +2
NVD
CVSS 2.0
9.3
EPSS
51.2%
EPSS 1% CVSS 4.9
MEDIUM This Month

Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Race Condition Microsoft +5
NVD
EPSS 53% CVSS 9.3
CRITICAL Emergency

Quartz.dll in DirectShow in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via crafted media content in (1) a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 53.0% and no vendor patch available.

Code Injection Microsoft RCE +4
NVD
EPSS 24% CVSS 9.3
CRITICAL Act Now

Microsoft XML Core Services (aka MSXML) 4.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML XSLT. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 24.2% and no vendor patch available.

Code Injection Microsoft RCE +15
NVD
EPSS 68% CVSS 8.8
HIGH Act Now

Microsoft XML Core Services (aka MSXML) 3.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML Integer. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 68.3% and no vendor patch available.

Microsoft RCE Xml Core Services +14
NVD
EPSS 55% CVSS 10.0
CRITICAL Emergency

The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 55.3% and no vendor patch available.

Code Injection Microsoft RCE +5
NVD
EPSS 57% CVSS 9.3
CRITICAL Emergency

Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 56.8% and no vendor patch available.

Code Injection Microsoft RCE +5
NVD
EPSS 46% CVSS 9.3
CRITICAL Emergency

The OpenType Font (OTF) driver in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 46.2% and no vendor patch available.

Code Injection Microsoft RCE +9
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Microsoft Windows 7 +4
NVD
EPSS 2% CVSS 7.2
HIGH This Week

Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Microsoft Windows 7 +4
NVD
EPSS 47% CVSS 9.3
CRITICAL Emergency

Integer overflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 47.4% and no vendor patch available.

Buffer Overflow Microsoft Windows 7 +6
NVD
EPSS 47% CVSS 9.3
CRITICAL Emergency

Integer underflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 47.4% and no vendor patch available.

Information Disclosure Microsoft Windows 7 +6
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Integer overflow in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Windows 7 +4
NVD
EPSS 41% CVSS 7.8
HIGH Act Now

The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 40.9% and no vendor patch available.

Buffer Overflow Google Microsoft +10
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Microsoft Windows 7 +4
NVD
EPSS 58% CVSS 9.3
CRITICAL Emergency

The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP3 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 57.5% and no vendor patch available.

Code Injection Microsoft RCE +1
NVD
EPSS 64% CVSS 10.0
CRITICAL Emergency

Stack-based buffer overflow in the Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP3 allows remote attackers to execute arbitrary code. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 64.4% and no vendor patch available.

Buffer Overflow Microsoft RCE +1
NVD
EPSS 64% CVSS 10.0
CRITICAL Emergency

Heap-based buffer overflow in the Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP2 and SP3 allows remote attackers to execute arbitrary. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 64.4% and no vendor patch available.

Buffer Overflow Microsoft RCE +1
NVD
EPSS 72% 4.2 CVSS 10.0
CRITICAL Emergency

Format string vulnerability in the Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 72.5% and no vendor patch available.

Microsoft RCE Windows 7 +4
NVD
EPSS 66% CVSS 5.0
MEDIUM This Month

The Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 66.1% and no vendor patch available.

Denial Of Service Microsoft Windows 7 +4
NVD
EPSS 1% CVSS 7.2
HIGH This Week

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 7 +4
NVD
EPSS 1% CVSS 7.2
HIGH This Week

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 7 +4
NVD
EPSS 14% CVSS 4.3
MEDIUM This Month

The CBC mode in the TLS protocol, as used in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and other. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 13.8% and no vendor patch available.

Information Disclosure Microsoft Windows 7 +4
NVD
EPSS 47% CVSS 8.8
HIGH Act Now

The Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 46.8% and no vendor patch available.

Code Injection Command Injection Microsoft +7
NVD
EPSS 1% CVSS 6.9
MEDIUM This Month

Race condition in the thread-creation implementation in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3 allows local users to gain privileges via a crafted application, aka. Rated medium severity (CVSS 6.9). No vendor patch available.

Information Disclosure Race Condition Microsoft +1
NVD
EPSS 1% CVSS 8.4
HIGH This Week

Integer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Windows 2003 Server +5
NVD
EPSS 1% CVSS 7.2
HIGH This Week

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 2003 Server +5
NVD
EPSS 1% CVSS 7.2
HIGH This Week

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 2003 Server +5
NVD
EPSS 1% CVSS 7.2
HIGH This Week

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 2003 Server +5
NVD
EPSS 88% 5.6 CVSS 7.2
HIGH POC THREAT Act Now

The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 88.0%.

Citrix Intel Buffer Overflow +14
NVD Exploit-DB
EPSS 52% CVSS 9.3
CRITICAL Emergency

The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 52.3% and no vendor patch available.

Code Injection Microsoft RCE +5
NVD
EPSS 1% CVSS 7.2
HIGH This Week

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 7 +4
NVD
EPSS 4% CVSS 7.2
HIGH POC This Week

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Microsoft Windows 7 +4
NVD Exploit-DB
EPSS 1% CVSS 7.8
HIGH This Week

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 7 +4
NVD
EPSS 65% CVSS 9.3
CRITICAL Emergency

Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview; Office 2003 SP3, 2007. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 64.6% and no vendor patch available.

Microsoft RCE Office +6
NVD
EPSS 1% CVSS 8.4
HIGH This Week

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 7 +4
NVD
EPSS 87% 6.0 CVSS 9.3
CRITICAL POC THREAT Emergency

The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 87.4%.

Code Injection Microsoft RCE +5
NVD Exploit-DB
EPSS 1% CVSS 7.2
HIGH This Week

Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Microsoft Windows 7 +4
NVD
EPSS 1% CVSS 7.2
HIGH This Week

afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 7 +4
NVD
EPSS 86% 6.0 CVSS 9.3
CRITICAL POC THREAT Emergency

Incomplete blacklist vulnerability in the Windows Packager configuration in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 86.5%.

Microsoft RCE Windows 7 +4
NVD Exploit-DB
EPSS 54% CVSS 9.3
CRITICAL Emergency

Untrusted search path vulnerability in the Windows Object Packager configuration in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 53.5% and no vendor patch available.

Information Disclosure Microsoft Windows Server 2003 +1
NVD
EPSS 4% CVSS 6.9
MEDIUM This Month

The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2, when a Chinese, Japanese, or Korean. Rated medium severity (CVSS 6.9). No vendor patch available.

Privilege Escalation Microsoft Windows Server 2003 +3
NVD
EPSS 64% CVSS 9.3
CRITICAL Emergency

Unspecified vulnerability in DirectShow in DirectX in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 64.4% and no vendor patch available.

Microsoft RCE Windows 7 +4
NVD
EPSS 88% 5.8 CVSS 8.1
HIGH POC THREAT Act Now

Unspecified vulnerability in winmm.dll in Windows Multimedia Library in Windows Media Player (WMP) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 88.0%.

Microsoft RCE Windows 7 +4
NVD Exploit-DB
EPSS 51% CVSS 9.3
CRITICAL Emergency

The kernel in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly load structured exception. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 51.2% and no vendor patch available.

Microsoft Authentication Bypass Windows 7 +4
NVD
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy