Vulnerabilities > Microsoft > Windows NT

DATE CVE VULNERABILITY TITLE RISK
2008-11-26 CVE-2008-5232 Out-Of-Bounds Write vulnerability in Microsoft Windows 2000 and Windows NT
Buffer overflow in the CallHTMLHelp method in the Microsoft Windows Media Services ActiveX control in nskey.dll 4.1.00.3917 in Windows Media Services on Microsoft Windows NT and 2000, and Avaya Media and Message Application servers, allows remote attackers to execute arbitrary code via a long argument.
network
microsoft CWE-787
critical
9.3
2008-09-11 CVE-2008-3635 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
Stack-based buffer overflow in QuickTimeInternetExtras.qtx in an unspecified third-party Indeo v3.2 (aka IV32) codec for QuickTime, when used with Apple QuickTime before 7.5.5 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.
network
apple intel microsoft CWE-119
critical
9.3
2008-09-11 CVE-2008-3630 Remote Forged DNS Response vulnerability in Apple Bonjour 1.0.4
mDNSResponder in Apple Bonjour for Windows before 1.0.5, when an application uses the Bonjour API for unicast DNS, does not choose random values for transaction IDs or source ports in DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.
network
low complexity
apple microsoft
6.4
2008-09-11 CVE-2008-3629 Resource Management Errors vulnerability in Apple Quicktime
Apple QuickTime before 7.5.5 allows remote attackers to cause a denial of service (application crash) via a crafted PICT image that triggers an out-of-bounds read.
4.3
2008-09-11 CVE-2008-3624 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime
Heap-based buffer overflow in Apple QuickTime before 7.5.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a QuickTime Virtual Reality (QTVR) movie file with crafted panorama atoms.
6.8
2008-09-11 CVE-2008-3614 Numeric Errors vulnerability in Apple Quicktime
Integer overflow in Apple QuickTime before 7.5.5 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image, which triggers heap corruption.
6.8
2008-09-11 CVE-2008-3014 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products
Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed WMF image file that triggers improper memory allocation, aka "GDI+ WMF Buffer Overrun Vulnerability."
network
microsoft CWE-119
critical
9.3
2008-09-11 CVE-2008-3012 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products
gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 does not properly perform memory allocation, which allows remote attackers to execute arbitrary code via a malformed EMF image file, aka "GDI+ EMF Memory Corruption Vulnerability."
network
microsoft CWE-119
critical
9.3
2008-09-11 CVE-2008-3008 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products
Stack-based buffer overflow in the WMEncProfileManager ActiveX control in wmex.dll in Microsoft Windows Media Encoder 9 Series allows remote attackers to execute arbitrary code via a long first argument to the GetDetailsString method, aka "Windows Media Encoder Buffer Overrun Vulnerability."
network
microsoft CWE-119
critical
9.3
2008-09-11 CVE-2008-2326 Improper Input Validation vulnerability in Apple Bonjour 1.0.4
mDNSResponder in the Bonjour Namespace Provider in Apple Bonjour for Windows before 1.0.5 allows attackers to cause a denial of service (NULL pointer dereference and application crash) by resolving a crafted .local domain name that contains a long label.
network
low complexity
apple microsoft CWE-20
5.0