Vulnerabilities > Microsoft > Windows Vista > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-01-28 | CVE-2009-0320 | Race Condition vulnerability in Microsoft products Microsoft Windows XP, Server 2003 and 2008, and Vista exposes I/O activity measurements of all processes, which allows local users to obtain sensitive information, as demonstrated by reading the I/O Other Bytes column in Task Manager (aka taskmgr.exe) to estimate the number of characters that a different user entered at a runas.exe password prompt, related to a "benchmarking attack." | 4.0 |
| 2009-01-02 | CVE-2008-5823 | Numeric Errors vulnerability in Microsoft Money 2006 An ActiveX control in prtstb06.dll in Microsoft Money 2006, when used with WScript in Windows Script Host (WSH) on Windows Vista, allows remote attackers to cause a denial of service (access violation and application crash) via a zero value for the Startup property. | 4.3 |
| 2009-01-02 | CVE-2008-5821 | Resource Management Errors vulnerability in Apple Safari 3.2 Memory leak in WebKit.dll in WebKit, as used by Apple Safari 3.2 on Windows Vista SP1, allows remote attackers to cause a denial of service (memory consumption and browser crash) via a long ALINK attribute in a BODY element in an HTML document. | 5.0 |
| 2008-12-24 | CVE-2008-5715 | Improper Input Validation vulnerability in Mozilla Firefox 3.0.5 Mozilla Firefox 3.0.5 on Windows Vista allows remote attackers to cause a denial of service (application crash) via JavaScript code with a long string value for the hash property (aka location.hash). | 5.0 |
| 2008-11-25 | CVE-2008-5229 | Buffer Errors vulnerability in Microsoft Windows Vista Gold Stack-based buffer overflow in Microsoft Device IO Control in iphlpapi.dll in Microsoft Windows Vista Gold and SP1 allows local users in the Network Configuration Operator group to gain privileges or cause a denial of service (system crash) via a large invalid PrefixLength to the CreateIpForwardEntry2 method, as demonstrated by a "route add" command. | 6.9 |
| 2008-11-12 | CVE-2008-5044 | Race Condition vulnerability in Microsoft Windows Server 2003 and Windows Vista Race condition in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (crash or hang) via a multi-threaded application that makes many calls to UnhookWindowsHookEx while certain other desktop activity is occurring. | 4.0 |
| 2008-11-12 | CVE-2008-4033 | Information Exposure vulnerability in Microsoft XML Core Services Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote attackers to obtain sensitive information from another domain and corrupt the session state via HTTP request header fields, as demonstrated by the Transfer-Encoding field, aka "MSXML Header Request Vulnerability." | 4.3 |
| 2008-10-09 | CVE-2008-4510 | Resource Management Errors vulnerability in Microsoft Windows Vista Microsoft Windows Vista Home and Ultimate Edition SP1 and earlier allows local users to cause a denial of service (page fault and system crash) via multiple attempts to access a virtual address in a PAGE_NOACCESS memory page. | 4.9 |
| 2008-09-15 | CVE-2008-4071 | Improper Input Validation vulnerability in Adobe Acrobat 9 A certain ActiveX control in Adobe Acrobat 9, when used with Microsoft Windows Vista and Internet Explorer 7, allows remote attackers to cause a denial of service (browser crash) via an src property value with an invalid acroie:// URL. | 5.0 |
| 2008-09-11 | CVE-2008-3630 | Remote Forged DNS Response vulnerability in Apple Bonjour 1.0.4 mDNSResponder in Apple Bonjour for Windows before 1.0.5, when an application uses the Bonjour API for unicast DNS, does not choose random values for transaction IDs or source ports in DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. | 6.4 |