Vulnerabilities > Microsoft > Medium

DATE CVE VULNERABILITY TITLE RISK
2013-10-09 CVE-2013-3896 Unspecified vulnerability in Microsoft Silverlight
Microsoft Silverlight 5 before 5.1.20913.0 does not properly validate pointers during access to Silverlight elements, which allows remote attackers to obtain sensitive information via a crafted Silverlight application, aka "Silverlight Vulnerability."
local
low complexity
microsoft
5.5
2012-09-18 CVE-2012-2993 Improper Certificate Validation vulnerability in Microsoft Windows Phone 7 Firmware
Microsoft Windows Phone 7 does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL server for the (1) POP3, (2) IMAP, or (3) SMTP protocol via an arbitrary valid certificate.
network
high complexity
microsoft CWE-295
5.9
2007-10-15 CVE-2007-5460 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Microsoft Windows Mobile 5.0
Microsoft ActiveSync 4.1, as used in Windows Mobile 5.0, uses weak encryption (XOR obfuscation with a fixed key) when sending the user's PIN/Password over the USB connection from the host to the device, which might make it easier for attackers to decode a PIN/Password obtained by (1) sniffing or (2) spoofing the docking process.
low complexity
microsoft CWE-327
4.6
2007-06-06 CVE-2007-2237 Divide By Zero vulnerability in Microsoft Windows XP
Microsoft Windows Graphics Device Interface (GDI+, GdiPlus.dll) allows context-dependent attackers to cause a denial of service (crash) via an ICO file with an InfoHeader containing a Height of zero, which triggers a divide-by-zero error.
local
low complexity
microsoft CWE-369
5.5
2006-06-13 CVE-2006-2374 Improper Locking vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP
The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to cause a denial of service (hang) by calling the MrxSmbCscIoctlCloseForCopyChunk with the file handle of the shadow device, which results in a deadlock, aka the "SMB Invalid Handle Vulnerability."
local
low complexity
microsoft CWE-667
5.5
2002-09-05 CVE-2002-0725 Link Following vulnerability in Microsoft Windows 2000 and Windows NT
NTFS file system in Windows NT 4.0 and Windows 2000 SP2 allows local attackers to hide file usage activities via a hard link to the target file, which causes the link to be recorded in the audit trail instead of the target file.
local
low complexity
microsoft CWE-59
5.5