Vulnerabilities (CVE)

Filtered by vendor Microsoft Subscribe
Filtered by product Windows Xp
Total 1352 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-1020 2 Apple, Microsoft 4 Quicktime, Windows 7, Windows Vista and 1 more 2025-04-11 9.3 HIGH N/A
Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted JPEG data in a movie file.
CVE-2011-1235 1 Microsoft 6 Windows 2003 Server, Windows 7, Windows Server 2003 and 3 more 2025-04-11 7.2 HIGH N/A
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
CVE-2010-1885 1 Microsoft 3 Windows 2003 Server, Windows Server 2003, Windows Xp 2025-04-11 9.3 HIGH N/A
The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents whitelist (fromHCP option) and execute arbitrary commands via a crafted hcp:// URL, aka "Help Center URL Validation Vulnerability."
CVE-2011-1962 1 Microsoft 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more 2025-04-11 4.3 MEDIUM N/A
Microsoft Internet Explorer 6 through 9 does not properly handle unspecified character sequences, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site that triggers "inactive filtering," aka "Shift JIS Character Encoding Vulnerability."
CVE-2013-1267 1 Microsoft 5 Windows 7, Windows Server 2003, Windows Server 2008 and 2 more 2025-04-11 4.9 MEDIUM N/A
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
CVE-2010-3943 1 Microsoft 6 Windows 2003 Server, Windows 7, Windows Server 2003 and 3 more 2025-04-11 7.2 HIGH N/A
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly link driver objects, which allows local users to gain privileges via a crafted application that triggers linked-list corruption, aka "Win32k Cursor Linking Vulnerability."
CVE-2010-1895 1 Microsoft 3 Windows 2003 Server, Windows Server 2003, Windows Xp 2025-04-11 7.2 HIGH N/A
The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly perform memory allocation before copying user-mode data to kernel mode, which allows local users to gain privileges via a crafted application, aka "Win32k Pool Overflow Vulnerability."
CVE-2010-1259 1 Microsoft 7 Internet Explorer, Windows 2000, Windows 2003 Server and 4 more 2025-04-11 9.3 HIGH N/A
Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
CVE-2013-0993 2 Apple, Microsoft 4 Itunes, Windows 7, Windows Vista and 1 more 2025-04-11 6.8 MEDIUM N/A
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
CVE-2010-5172 2 Microsoft, Pandasecurity 2 Windows Xp, Panda Internet Security 2010 2025-04-11 6.2 MEDIUM N/A
Race condition in Panda Internet Security 2010 15.01.00 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute
CVE-2010-3803 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2025-04-11 9.3 HIGH N/A
Integer overflow in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string.
CVE-2011-0164 2 Apple, Microsoft 6 Itunes, Webkit, Windows and 3 more 2025-04-11 7.6 HIGH N/A
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
CVE-2011-0090 1 Microsoft 6 Windows 2003 Server, Windows 7, Windows Server 2003 and 3 more 2025-04-11 7.2 HIGH N/A
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability."
CVE-2012-0181 1 Microsoft 5 Windows 7, Windows Server 2003, Windows Server 2008 and 2 more 2025-04-11 7.2 HIGH N/A
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly manage Keyboard Layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout File Vulnerability."
CVE-2010-0487 1 Microsoft 7 Windows 2000, Windows 2003 Server, Windows 7 and 4 more 2025-04-11 9.3 HIGH N/A
The Authenticode Signature verification functionality in cabview.dll in Cabinet File Viewer Shell Extension 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows remote attackers to execute arbitrary code via a modified cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka "Cabview Corruption Validation Vulnerability."
CVE-2013-1014 2 Apple, Microsoft 5 Itunes, Mac Os X, Windows 7 and 2 more 2025-04-11 4.3 MEDIUM N/A
Apple iTunes before 11.0.3 does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate.
CVE-2010-5157 2 Comodo, Microsoft 2 Comodo Internet Security, Windows Xp 2025-04-11 6.2 MEDIUM N/A
Race condition in Comodo Internet Security before 4.1.149672.916 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack.
CVE-2012-1879 1 Microsoft 7 Internet Explorer, Windows 2003 Server, Windows 7 and 4 more 2025-04-11 9.3 HIGH 8.1 HIGH
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access an undefined memory location, aka "insertAdjacentText Remote Code Execution Vulnerability."
CVE-2011-3397 1 Microsoft 2 Windows Server 2003, Windows Xp 2025-04-11 9.3 HIGH N/A
The Microsoft Time component in DATIME.DLL in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted web site that leverages an unspecified "binary behavior" in Internet Explorer, aka "Microsoft Time Remote Code Execution Vulnerability."
CVE-2011-1245 1 Microsoft 6 Internet Explorer, Windows 2003 Server, Windows Server 2003 and 3 more 2025-04-11 4.3 MEDIUM N/A
Microsoft Internet Explorer 6 and 7 does not properly restrict script access to content from a (1) different domain or (2) different zone, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Javascript Information Disclosure Vulnerability."