Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Windows_xp
(Microsoft)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 743 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2008-04-08 | CVE-2008-1086 | The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft Internet Explorer 5.01 SP4 and 6 SP1, in Windows XP SP2, Server 2003 SP1 and SP2, Vista SP1, and Server 2008, allows remote attackers to execute arbitrary code via malformed arguments, which triggers memory corruption. | Internet_explorer, Windows\-Nt, Windows_2003_server, Windows_vista, Windows_xp | N/A | ||
| 2008-09-11 | CVE-2008-3013 | gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed GIF... | Digital_image_suite, Forefront_client_security, Internet_explorer, Office, Powerpoint_viewer, Report_viewer, Sql_server, Sql_server_reporting_services, Visio, Windows_server_2008, Windows_vista, Windows_xp, Works | N/A | ||
| 2010-03-31 | CVE-2010-0805 | The Tabular Data Control (TDC) ActiveX control in Microsoft Internet Explorer 5.01 SP4, 6 on Windows XP SP2 and SP3, and 6 SP1 allows remote attackers to execute arbitrary code via a long URL (DataURL parameter) that triggers memory corruption in the CTDCCtl::SecurityCHeckDataURL function, aka "Memory Corruption Vulnerability." | Internet_explorer, Windows_2000, Windows_xp | N/A | ||
| 2010-03-31 | CVE-2010-0491 | Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 6 SP1 allows remote attackers to execute arbitrary code by changing unspecified properties of an HTML object that has an onreadystatechange event handler, aka "HTML Object Memory Corruption Vulnerability." | Internet_explorer, Windows_2000, Windows_2003_server, Windows_server_2003, Windows_xp | N/A | ||
| 2007-09-27 | CVE-2007-5133 | Microsoft Windows Explorer (explorer.exe) allows user-assisted remote attackers to cause a denial of service (CPU consumption) via a certain PNG file with a large tEXt chunk that possibly triggers an integer overflow in PNG chunk size handling, as demonstrated by badlycrafted.png. | 3dm_disk_management_software, Windows_2003_server, Windows_server_2003, Windows_vista, Windows_xp | N/A | ||
| 2010-05-06 | CVE-2010-1734 | The SfnINSTRING function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x18d value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window. | Windows_2000, Windows_2003_server, Windows_server_2003, Windows_xp | N/A | ||
| 2010-11-04 | CVE-2010-4182 | Untrusted search path vulnerability in the Data Access Objects (DAO) library (dao360.dll) in Microsoft Windows XP Professional SP3, Windows Server 2003 R2 Enterprise Edition SP3, Windows Vista Business SP1, and Windows 7 Professional allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse msjet49.dll that is located in the same folder as a file that is processed by dao360.dll. NOTE: the provenance of this information... | Windows_7, Windows_server_2003, Windows_vista, Windows_xp | N/A | ||
| 2017-06-15 | CVE-2017-8461 | Windows RPC with Routing and Remote Access enabled in Windows XP and Windows Server 2003 allows an attacker to execute code on a targeted RPC server which has Routing and Remote Access enabled via a specially crafted application, aka "Windows RPC Remote Code Execution Vulnerability." | Windows_server_2003, Windows_xp | 7.8 | ||
| 2011-04-13 | CVE-2011-1229 | win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability." | Agent_access, Aura_conferencing_standard_edition, Basic_call_management_system_reporting_desktop, Call_management_server_supervisor, Callpilot, Callvisor_asai_lan, Communication_server_1000_telephony_manager, Computer_telephony, Contact_center_express, Customer_interaction_express, Enterprise_manager, Integrated_management, Interaction_center, Ip_agent, Ip_softphone, Meeting_exchange, Messaging_application_server, Network_reporting, Octelaccess_server, Octeldesigner, Operational_analyst, Outbound_contact_management, Speech_access, Unified_communication_center, Unified_messenger, Visual_messenger, Visual_vector_client, Vpnmanager_console, Web_messenger, Windows_2003_server, Windows_7, Windows_server_2003, Windows_server_2008, Windows_vista, Windows_xp | N/A | ||
| 2013-10-09 | CVE-2013-3128 | The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5, allow remote attackers to execute arbitrary code via a crafted OpenType font (OTF) file, aka "OpenType Font Parsing Vulnerability." | \.net_framework, Windows_7, Windows_8, Windows_rt, Windows_server_2003, Windows_server_2008, Windows_server_2012, Windows_vista, Windows_xp | N/A |