Vulnerabilities > Microsoft > Windows Vista > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTRIBUTES | RISK |
|---|---|---|---|---|---|
| 2008-04-25 | CVE-2008-1931 | Permissions, Privileges, and Access Controls vulnerability in Realtek HD Audio Codec Drivers | Realtek HD Audio Codec Drivers RTKVHDA.sys and RTKVHDA64.sys before 6.0.1.5605 on Windows Vista allow local users to create, write, and read registry keys via a crafted IOCTL request. | local, low complexity, microsoft realtek CWE-264 | 6.8 |
| 2008-04-17 | CVE-2008-1026 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari 3/3.1 | Integer overflow in the PCRE regular expression compiler (JavaScriptCore/pcre/pcre_compile.cpp) in Apple WebKit, as used in Safari before 3.1.1, allows remote attackers to execute arbitrary code via a regular expression with large, nested repetition counts, which triggers a heap-based buffer overflow. | | 6.8 |
| 2008-04-17 | CVE-2008-1024 | Resource Management Errors vulnerability in Apple Safari 3/3.1 | Apple Safari before 3.1.1, when running on Windows XP or Vista, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a file download with a crafted file name, which triggers memory corruption. | | 6.8 |
| 2008-03-19 | CVE-2008-1001 | Cross-Site Scripting vulnerability in Apple Safari | Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1, when running on Windows XP or Vista, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that is not properly handled in the error page. | | 4.3 |
| 2007-10-23 | CVE-2007-5634 | Buffer Errors vulnerability in Almico Speedfan 4.33 | Speedfan.sys in Alfredo Milani Comparetti SpeedFan 4.33, when used on Microsoft Windows Vista x64, does not properly check a buffer during an IOCTL 0x9c402420 call, which allows local users to cause a denial of service (machine crash) and possibly gain privileges via unspecified vectors. | local, low complexity, microsoft almico CWE-119 | 4.9 |
| 2007-09-12 | CVE-2007-3036 | Permissions, Privileges, and Access Controls vulnerability in Microsoft products | Unspecified vulnerability in the (1) Windows Services for UNIX 3.0 and 3.5, and (2) Subsystem for UNIX-based Applications in Microsoft Windows 2000, XP, Server 2003, and Vista allows local users to gain privileges via unspecified vectors related to "certain setuid binary files." | | 6.9 |
| 2007-08-14 | CVE-2007-3891 | Remote Code Execution vulnerability in Windows Vista Weather Gadget | Unspecified vulnerability in Windows Vista Weather Gadgets in Windows Vista allows remote attackers to execute arbitrary code via crafted HTML attributes. | network, microsoft | 6.8 |
| 2007-08-14 | CVE-2007-3033 | Cross-Site Scripting vulnerability in Microsoft Windows Vista | Cross-site scripting (XSS) vulnerability in Windows Vista Feed Headlines Gadget (aka Sidebar RSS Feeds Gadget) in Windows Vista allows user-assisted remote attackers to execute arbitrary code via an RSS feed with crafted HTML attributes, which are not properly removed and are rendered in the local zone. | network, microsoft CWE-79 | 4.3 |
| 2007-08-14 | CVE-2007-3032 | Remote Code Execution vulnerability in Windows Vista Contacts Gadget | Unspecified vulnerability in Windows Vista Contacts Gadget in Windows Vista allows user-assisted remote attackers to execute arbitrary code via crafted contact information that is not properly handled when it is imported. | network, microsoft | 6.8 |
| 2007-08-13 | CVE-2007-4315 | Permissions, Privileges, and Access Controls vulnerability in multiple products | The AMD ATI atidsmxx.sys 3.0.502.0 driver on Windows Vista allows local users to bypass the driver signing policy, write to arbitrary kernel memory locations, and thereby gain privileges via unspecified vectors, as demonstrated by "Purple Pill". | | 6.9 |