Vulnerabilities > Microsoft > Windows Vista
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-03-20 | CVE-2007-1535 | Unspecified vulnerability in Microsoft Windows Vista Microsoft Windows Vista establishes a Teredo address without user action upon connection to the Internet, contrary to documentation that Teredo is inactive without user action, which increases the attack surface and allows remote attackers to communicate via Teredo. | 7.5 |
2007-03-20 | CVE-2007-1534 | Remote Security vulnerability in Windows Vista DFSR.exe in Windows Meeting Space in Microsoft Windows Vista remains available for remote connections on TCP port 5722 for 2 minutes after Windows Meeting Space is closed, which allows remote attackers to have an unknown impact by connecting to this port during the time window. | 9.3 |
2007-03-20 | CVE-2007-1533 | Unspecified vulnerability in Microsoft Windows Vista The Teredo implementation in Microsoft Windows Vista uses the same nonce for communication with different UDP ports within a solicitation session, which makes it easier for remote attackers to spoof the nonce through brute force attacks. | 5.0 |
2007-03-20 | CVE-2007-1532 | Unspecified vulnerability in Microsoft Windows Vista The neighbor discovery implementation in Microsoft Windows Vista allows remote attackers to conduct a redirect attack by (1) responding to queries by sending spoofed Neighbor Advertisements or (2) blindly sending Neighbor Advertisements. | 6.4 |
2007-03-20 | CVE-2007-1531 | Resource Management Errors vulnerability in Microsoft Windows Vista and Windows XP Microsoft Windows XP and Vista overwrites ARP table entries included in gratuitous ARP, which allows remote attackers to cause a denial of service (loss of network access) by sending a gratuitous ARP for the address of the Vista host. | 5.0 |
2007-03-20 | CVE-2007-1530 | Remote Denial Of Service vulnerability in Microsoft Windows Vista LLTD Mapper EMIT Packet The LLTD Mapper in Microsoft Windows Vista does not properly gather responses to EMIT packets, which allows remote attackers to cause a denial of service (mapping failure) by omitting an ACK response, which triggers an XML syntax error. | 5.0 |
2007-03-20 | CVE-2007-1529 | Unspecified vulnerability in Microsoft Windows Vista The LLTD Responder in Microsoft Windows Vista does not send the Mapper a response to a DISCOVERY packet if another host has sent a spoofed response first, which allows remote attackers to spoof arbitrary hosts via a network-based race condition, aka the "Total Spoof" attack. network microsoft | 4.3 |
2007-03-20 | CVE-2007-1528 | Unspecified vulnerability in Microsoft Windows Vista The LLTD Mapper in Microsoft Windows Vista allows remote attackers to spoof hosts, and nonexistent bridge relationships, into the network topology map by using a MAC address that differs from the MAC address provided in the Real Source field of the LLTD BASE header of a HELLO packet, aka the "Spoof on Bridge" attack. | 5.0 |
2007-03-20 | CVE-2007-1527 | Unspecified vulnerability in Microsoft Windows Vista The LLTD Mapper in Microsoft Windows Vista does not verify that an IP address in a TLV type 0x07 field in a HELLO packet corresponds to a valid IP address for the local network, which allows remote attackers to trick users into communicating with an external host by sending a HELLO packet with the MW characteristic and a spoofed TLV type 0x07 field, aka the "Spoof and Management URL IP Redirect" attack. | 5.0 |
2007-03-17 | CVE-2007-1499 | Cross-Site Scripting vulnerability in Microsoft IE 7.0 Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote attackers to conduct phishing attacks and possibly execute arbitrary code via a res: URI to navcancl.htm with an arbitrary URL as an argument, which displays the URL in the location bar of the "Navigation Canceled" page and injects the script into the "Refresh the page" link, aka Navigation Cancel Page Spoofing Vulnerability." | 4.3 |