Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Windows_xp
(Microsoft)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 742 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2011-12-30 | CVE-2011-3414 | The CaseInsensitiveHashProvider.getHashCode function in the HashTable implementation in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka "Collisions in HashTable May Cause DoS Vulnerability." | Windows_7, Windows_server_2003, Windows_server_2008, Windows_vista, Windows_xp | N/A | ||
| 2010-03-10 | CVE-2010-0806 | Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka "Uninitialized Memory Corruption Vulnerability." | Internet_explorer, Windows_2000, Windows_2003_server, Windows_server_2003, Windows_server_2008, Windows_vista, Windows_xp | N/A | ||
| 2009-09-08 | CVE-2009-1920 | The JScript scripting engine 5.1, 5.6, 5.7, and 5.8 in JScript.dll in Microsoft Windows, as used in Internet Explorer, does not properly load decoded scripts into memory before execution, which allows remote attackers to execute arbitrary code via a crafted web site that triggers memory corruption, aka "JScript Remote Code Execution Vulnerability." | Windows_2000, Windows_server_2003, Windows_server_2008, Windows_vista, Windows_xp | N/A | ||
| 2010-12-22 | CVE-2010-3970 | Stack-based buffer overflow in the CreateSizedDIBSECTION function in shimgvw.dll in the Windows Shell graphics processor (aka graphics rendering engine) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted .MIC or unspecified Office document containing a thumbnail bitmap with a negative biClrUsed value, as reported by Moti and Xu Hao, aka "Windows Shell Graphics Processing Overrun... | Windows_server_2003, Windows_server_2008, Windows_vista, Windows_xp | N/A | ||
| 2009-09-08 | CVE-2009-1926 | Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to cause a denial of service (TCP outage) via a series of TCP sessions that have pending data and a (1) small or (2) zero receive window size, and remain in the FIN-WAIT-1 or FIN-WAIT-2 state indefinitely, aka "TCP/IP Orphaned Connections Vulnerability." | Windows_2000, Windows_server_2003, Windows_server_2008, Windows_vista, Windows_xp | N/A | ||
| 2009-09-08 | CVE-2009-2498 | Microsoft Windows Media Format Runtime 9.0, 9.5, and 11 and Windows Media Services 9.1 and 2008 do not properly parse malformed headers in Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted (1) .asf, (2) .wmv, or (3) .wma file, aka "Windows Media Header Parsing Invalid Free Vulnerability." | Media_foundation_sdk, Windows_2000, Windows_media_format_runtime, Windows_media_services, Windows_server_2003, Windows_server_2008, Windows_vista, Windows_xp | N/A | ||
| 2009-09-08 | CVE-2009-2499 | Microsoft Windows Media Format Runtime 9.0, 9.5, and 11; and Microsoft Media Foundation on Windows Vista Gold, SP1, and SP2 and Server 2008; allows remote attackers to execute arbitrary code via an MP3 file with crafted metadata that triggers memory corruption, aka "Windows Media Playback Memory Corruption Vulnerability." | Windows_2000, Windows_media_format_runtime, Windows_media_foundation, Windows_media_services, Windows_server_2003, Windows_server_2008, Windows_vista, Windows_xp | N/A | ||
| 2009-10-14 | CVE-2009-0090 | Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not properly validate .NET verifiable code, which allows remote attackers to obtain unintended access to stack memory, and execute arbitrary code, via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Pointer Verification Vulnerability." | \.net_framework, Windows_2000, Windows_7, Windows_server_2003, Windows_server_2008, Windows_vista, Windows_xp | N/A | ||
| 2009-10-14 | CVE-2009-0091 | Microsoft .NET Framework 2.0, 2.0 SP1, and 3.5 does not properly enforce a certain type-equality constraint in .NET verifiable code, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Type Verification Vulnerability." | \.net_framework, Windows_2000, Windows_7, Windows_server_2003, Windows_server_2008, Windows_vista, Windows_xp | N/A | ||
| 2009-10-14 | CVE-2009-2497 | The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0, 2.0 SP1, 2.0 SP2, 3.5, and 3.5 SP1, and Silverlight 2, does not properly handle interfaces, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted Silverlight application, (3) a crafted ASP.NET application, or (4) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Vulnerability." | \.net_framework, Windows_2000, Windows_7, Windows_server_2003, Windows_server_2008, Windows_vista, Windows_xp | N/A |