Vulnerabilities > Microsoft > Windows XP > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2011-07-13 | CVE-2011-1886 | Local Information Disclosure vulnerability in Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1886) win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3 does not properly validate the arguments to functions, which allows local users to read arbitrary data from kernel memory via a crafted application that triggers a NULL pointer dereference, aka "Win32k Incorrect Parameter Validation Allows Information Disclosure Vulnerability." Per: http://cwe.mitre.org/data/definitions/476.html 'CWE-476: NULL Pointer Dereference' | 2.1 |
| 2010-07-30 | CVE-2010-1796 | Information Exposure vulnerability in Apple Safari and Webkit The AutoFill feature in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to obtain sensitive Address Book Card information via JavaScript code that forces keystroke events for input fields. | 2.6 |
| 2007-07-12 | CVE-2007-3724 | Denial-Of-Service vulnerability in Windows XP Gold The process scheduler in the Microsoft Windows XP kernel does not make use of the process statistics kept by the kernel, performs scheduling based on CPU billing gathered from periodic process sampling ticks, and gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges." | 2.1 |
| 2007-03-20 | CVE-2007-1537 | Local Privilege Escalation vulnerability in Microsoft Windows 2003 Server and Windows XP \Device\NdisTapi (NDISTAPI.sys) in Microsoft Windows XP SP2 and 2003 SP1 uses weak permissions, which allows local users to write to the device and cause a denial of service, as demonstrated by using an IRQL to acquire a spinlock on paged memory via the NdisTapiDispatch function. | 3.6 |
| 2006-10-31 | CVE-2006-5614 | Remote Denial of Service vulnerability in Microsoft Windows NT Helper Components and Windows XP Microsoft Windows NAT Helper Components (ipnathlp.dll) on Windows XP SP2, when Internet Connection Sharing is enabled, allows remote attackers to cause a denial of service (svchost.exe crash) via a malformed DNS query, which results in a null pointer dereference. | 2.6 |
| 2006-08-10 | CVE-2006-4071 | Remote Denial of Service vulnerability in Microsoft Windows 2003 Server and Windows XP Sign extension vulnerability in the createBrushIndirect function in the GDI library (gdi32.dll) in Microsoft Windows XP, Server 2003, and possibly other versions, allows user-assisted attackers to cause a denial of service (application crash) via a crafted WMF file. | 2.6 |
| 2006-08-10 | CVE-2006-4066 | Denial Of Service vulnerability in Microsoft Windows Graphical Device Interface Plus Library The Graphical Device Interface Plus library (gdiplus.dll) in Microsoft Windows XP SP2 allows context-dependent attackers to cause a denial of service (application crash) via certain images that trigger a divide-by-zero error, as demonstrated by a (1) .ico file, (2) .png file that crashes MSN Messenger, and (3) .jpg file that crashes Internet Explorer. | 2.6 |
| 2006-05-12 | CVE-2006-2334 | Unspecified vulnerability in Microsoft Windows 2000 and Windows XP The RtlDosPathNameToNtPathName_U API function in NTDLL.DLL in Microsoft Windows 2000 SP4 and XP SP2 does not properly convert DOS style paths with trailing spaces into NT style paths, which allows context-dependent attackers to create files that cannot be accessed through the expected DOS path or prevent access to other similarly named files in the same directory, which prevents those files from being detected or disinfected by certain anti-virus and anti-spyware software. | 2.1 |
| 2006-03-29 | CVE-2006-1475 | Local Security vulnerability in Windows XP Tablet PC Edition Windows Firewall in Microsoft Windows XP SP2 does not produce application alerts when an application is executed using the NTFS Alternate Data Streams (ADS) filename:stream syntax, which might allow local users to launch a Trojan horse attack in which the victim does not obtain the alert that Windows Firewall would have produced for a non-ADS file. | 2.1 |
| 2006-03-29 | CVE-2006-1476 | Remote Security vulnerability in Windows XP Tablet PC Edition Windows Firewall in Microsoft Windows XP SP2 produces incorrect application block alerts when the application filename is ".exe" (with no characters before the "."), which might allow local user-assisted users to trick a user into unblocking a Trojan horse program, as demonstrated by a malicious ".exe" program in a folder named "Internet Explorer," which triggers a question about whether to unblock the "Internet Explorer" program. | 2.6 |