Vulnerabilities > Microsoft > Windows Vista > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-08-08 | CVE-2007-4247 | Denial of Service vulnerability in Microsoft Windows Calendar ICS File Windows Calendar on Microsoft Windows Vista allows remote attackers to cause a denial of service (NULL dereference and persistent application crash) via a malformed ICS file. network microsoft | 4.3 |
| 2007-06-12 | CVE-2007-2227 | Information Disclosure vulnerability in Microsoft Outlook Express and Windows Mail The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition "notifications," which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "Content Disposition Parsing Cross Domain Information Disclosure Vulnerability." network microsoft | 4.3 |
| 2007-06-12 | CVE-2007-2225 | Information Disclosure vulnerability in Microsoft Outlook Express and Windows Mail A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "URL Parsing Cross Domain Information Disclosure Vulnerability." network microsoft | 4.3 |
| 2007-04-06 | CVE-2007-1884 | Format String vulnerability in PHP Printf() Function 64bit Casting Multiple integer signedness errors in the printf function family in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 on 64 bit machines allow context-dependent attackers to execute arbitrary code via (1) certain negative argument numbers that arise in the php_formatted_print function because of 64 to 32 bit truncation, and bypass a check for the maximum allowable value; and (2) a width and precision of -1, which make it possible for the php_sprintf_appendstring function to place an internal buffer at an arbitrary memory location. | 6.8 |
| 2007-04-04 | CVE-2007-1212 | Privilege Escalation vulnerability in Microsoft Windows Graphics Rendering Engine EMF File Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local users to gain privileges via a crafted Enhanced Metafile (EMF) image format file. local microsoft | 6.6 |
| 2007-03-20 | CVE-2007-1533 | Unspecified vulnerability in Microsoft Windows Vista The Teredo implementation in Microsoft Windows Vista uses the same nonce for communication with different UDP ports within a solicitation session, which makes it easier for remote attackers to spoof the nonce through brute force attacks. | 5.0 |
| 2007-03-20 | CVE-2007-1532 | Unspecified vulnerability in Microsoft Windows Vista The neighbor discovery implementation in Microsoft Windows Vista allows remote attackers to conduct a redirect attack by (1) responding to queries by sending spoofed Neighbor Advertisements or (2) blindly sending Neighbor Advertisements. | 6.4 |
| 2007-03-20 | CVE-2007-1531 | Resource Management Errors vulnerability in Microsoft Windows Vista and Windows XP Microsoft Windows XP and Vista overwrites ARP table entries included in gratuitous ARP, which allows remote attackers to cause a denial of service (loss of network access) by sending a gratuitous ARP for the address of the Vista host. | 5.0 |
| 2007-03-20 | CVE-2007-1530 | Remote Denial Of Service vulnerability in Microsoft Windows Vista LLTD Mapper EMIT Packet The LLTD Mapper in Microsoft Windows Vista does not properly gather responses to EMIT packets, which allows remote attackers to cause a denial of service (mapping failure) by omitting an ACK response, which triggers an XML syntax error. | 5.0 |
| 2007-03-20 | CVE-2007-1529 | Unspecified vulnerability in Microsoft Windows Vista The LLTD Responder in Microsoft Windows Vista does not send the Mapper a response to a DISCOVERY packet if another host has sent a spoofed response first, which allows remote attackers to spoof arbitrary hosts via a network-based race condition, aka the "Total Spoof" attack. network microsoft | 4.3 |