Vulnerabilities > Microsoft > Windows Vista > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-03-23 | CVE-2010-0161 | Resource Management Errors vulnerability in Mozilla Seamonkey and Thunderbird The nsAuthSSPI::Unwrap function in extensions/auth/nsAuthSSPI.cpp in Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 on Windows Vista, Windows Server 2008 R2, and Windows 7 allows remote SMTP, IMAP, and POP servers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via crafted data in a session that uses SSPI. | 4.3 |
| 2010-02-26 | CVE-2010-0719 | Improper Input Validation vulnerability in Microsoft products An unspecified API in Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 does not validate arguments, which allows local users to cause a denial of service (system crash) via a crafted application. | 4.7 |
| 2010-01-12 | CVE-2010-0278 | Buffer Overflow vulnerability in Microsoft Windows Live Messenger 2009 A certain ActiveX control in msgsc.14.0.8089.726.dll in Microsoft Windows Live Messenger 2009 build 14.0.8089.726 on Windows Vista and Windows 7 allows remote attackers to cause a denial of service (msnmsgr.exe crash) by calling the ViewProfile method with a crafted argument during an MSN Messenger session. network microsoft | 4.3 |
| 2009-09-11 | CVE-2008-7211 | Local Privilege Escalation vulnerability in Soundblaster Ensoniq PCI Es1371 WDM Driver 5.1.3612.0 CreativeLabs es1371mp.sys 5.1.3612.0 WDM audio driver, as used in Ensoniq PCI 1371 sound cards and when running on Windows Vista, does not create a Functional Device Object (FDO) to prevent user-moade access to the Physical Device Object (PDO), which allows local users to gain SYSTEM privileges via a crafted IRP request that dereferences a NULL FsContext pointer. | 6.9 |
| 2009-08-31 | CVE-2009-3019 | Code Injection vulnerability in Microsoft Internet Explorer 6/7 Microsoft Internet Explorer 6 on Windows XP SP2 and SP3, and Internet Explorer 7 on Vista, allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls createElement to create an instance of the LI element, and then calls setAttribute to set the value attribute. | 5.0 |
| 2009-08-12 | CVE-2009-2196 | Unspecified vulnerability in Apple Safari 4 before 4.0.3 allows remote web servers to place an arbitrary web site in the Top Sites view, and possibly conduct phishing attacks, via unknown vectors. | 5.0 |
| 2009-08-12 | CVE-2009-1922 | Permissions, Privileges, and Access Controls vulnerability in Microsoft products The Message Queuing (aka MSMQ) service for Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP2, and Vista Gold does not properly validate unspecified IOCTL request data from user mode before passing this data to kernel mode, which allows local users to gain privileges via a crafted request, aka "MSMQ Null Pointer Vulnerability." | 6.9 |
| 2009-06-01 | CVE-2008-6819 | Race Condition vulnerability in Microsoft Windows 2003 Server and Windows Vista win32k.sys in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (system crash) via vectors related to CreateWindow, TranslateMessage, and DispatchMessage, possibly a race condition between threads, a different vulnerability than CVE-2008-1084. | 4.7 |
| 2009-05-13 | CVE-2009-0162 | Cross-Site Scripting vulnerability in Apple Safari Cross-site scripting (XSS) vulnerability in Safari before 3.2.3, and 4 Public Beta, on Apple Mac OS X 10.5 before 10.5.7 and Windows allows remote attackers to inject arbitrary web script or HTML via a crafted feed: URL. | 4.3 |
| 2009-04-15 | CVE-2009-0080 | Improper Privilege Management vulnerability in Microsoft Windows Server 2008 and Windows Vista The ThreadPool class in Windows Vista Gold and SP1, and Server 2008, does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by leveraging incorrect thread ACLs to access the resources of one of the processes, aka "Windows Thread Pool ACL Weakness Vulnerability." | 6.9 |