Filtered by vendor Microsoft Subscriptions
Filtered by product Windows Xp Subscriptions
Total 1351 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2007-3826 1 Microsoft 2 Internet Explorer, Windows Xp 2024-11-21 N/A
Microsoft Internet Explorer 7 on Windows XP SP2 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via repeated document.open function calls after a user requests a new page, but before the onBeforeUnload function is called.
CVE-2007-3760 2 Apple, Microsoft 5 Iphone Os, Mac Os X, Safari and 2 more 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to inject arbitrary web script or HTML via frame tags.
CVE-2007-3758 2 Apple, Microsoft 5 Iphone Os, Mac Os X, Safari and 2 more 2024-11-21 N/A
Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and in Mac OS X 10.4 through 10.4.10, allows remote attackers to set Javascript window properties for web pages that are in a different domain, which can be leveraged to conduct cross-site scripting (XSS) attacks.
CVE-2007-3756 2 Apple, Microsoft 5 Iphone Os, Mac Os X, Safari and 2 more 2024-11-21 N/A
Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to obtain sensitive information via a crafted web page that identifies the URL of the parent window, even when the parent window is in a different domain.
CVE-2007-3751 2 Apple, Microsoft 4 Mac Os X, Quicktime, Windows Vista and 1 more 2024-11-21 N/A
Unspecified vulnerability in QuickTime for Java in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via untrusted Java applets that gain privileges via unspecified vectors.
CVE-2007-3750 2 Apple, Microsoft 4 Mac Os X, Quicktime, Windows Vista and 1 more 2024-11-21 N/A
Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via crafted Sample Table Sample Descriptor (STSD) atoms in a movie file.
CVE-2007-3724 1 Microsoft 1 Windows Xp 2024-11-21 N/A
The process scheduler in the Microsoft Windows XP kernel does not make use of the process statistics kept by the kernel, performs scheduling based on CPU billing gathered from periodic process sampling ticks, and gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges."
CVE-2007-3493 2 Microsoft, Nctsoft Products 4 Internet Explorer, Windows Xp, Nctaudiostudio and 1 more 2024-11-21 N/A
A certain ActiveX control in NCTWavChunksEditor2.dll 2.6.1.148 in NCTAudioStudio (NCTAudioStudio2) 2.7, as used by Sienzo DMM and probably other products, allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the CreateFile method, a different product than CVE-2007-3400.
CVE-2007-3463 1 Microsoft 1 Windows Xp 2024-11-21 N/A
Microsoft Windows XP SP2 allows local users, who have sessions created by another user's RunAs (run as) command, to kill arbitrary processes of this other user, as demonstrated by the taskkill program. NOTE: the researcher claims a vendor dispute in which the vendor states that "RunAs and UAC are convenience features, not security boundaries. If you need a security guarantee, please log out and log back in with a different account.
CVE-2007-3437 2 Aol, Microsoft 2 Instant Messenger, Windows Xp 2024-11-21 N/A
AOL Instant Messenger (AIM) 6.1.32.1 on Windows XP allows remote attackers to cause a denial of service (application crash) via a malformed header value in a SIP INVITE message, a different vulnerability than CVE-2007-3350.
CVE-2007-3436 1 Microsoft 2 Msn Messenger, Windows Xp 2024-11-21 N/A
Microsoft MSN Messenger 4.7 on Windows XP allows remote attackers to cause a denial of service (resource consumption) via a flood of SIP INVITE requests to the port specified for voice conversation.
CVE-2007-3406 1 Microsoft 2 Internet Explorer, Windows Xp 2024-11-21 N/A
Multiple absolute path traversal vulnerabilities in Microsoft Internet Explorer 6 on Windows XP SP2 allow remote attackers to access arbitrary local files via the file: URI in the (1) src attribute of a (a) bgsound, (b) input, (c) EMBED, (d) img, or (e) script tag; (2) data attribute of an object tag; (3) value attribute of a param tag; (4) background attribute of a body tag; or (5) the background:url attribute declared in the BODY parameter of a STYLE tag.
CVE-2007-3376 2 Apple, Microsoft 2 Safari, Windows Xp 2024-11-21 N/A
Buffer overflow in Apple Safari 3.0.2 on Windows XP SP2 allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long value in the title HTML tag, which triggers the overflow when the user adds the page as a bookmark.
CVE-2007-3350 2 Aol, Microsoft 2 Instant Messenger, Windows Xp 2024-11-21 N/A
AOL Instant Messenger (AIM) 6.1.32.1 on Windows XP allows remote attackers to cause a denial of service (application hang) via a flood of spoofed SIP INVITE requests.
CVE-2007-3274 2 Apple, Microsoft 2 Safari, Windows Xp 2024-11-21 N/A
Apple Safari 3.0 and 3.0.1 on Windows XP SP2 allows attackers to cause a denial of service (application crash) via JavaScript that sets the document.location variable, as demonstrated by an empty value of document.location.
CVE-2007-3091 1 Microsoft 6 Internet Explorer, Windows 2000, Windows 2003 Server and 3 more 2024-11-21 N/A
Race condition in Microsoft Internet Explorer 6 SP1; 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code or perform other actions upon a page transition, with the permissions of the old page and the content of the new page, as demonstrated by setInterval functions that set location.href within a try/catch expression, aka the "bait & switch vulnerability" or "Race Condition Cross-Domain Information Disclosure Vulnerability."
CVE-2007-3039 1 Microsoft 3 Message Queuing, Windows 2000, Windows Xp 2024-11-21 N/A
Stack-based buffer overflow in the Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 Server SP4, Windows 2000 Professional SP4, and Windows XP SP2 allows attackers to execute arbitrary code via a long string in an opnum 0x06 RPC call to port 2103. NOTE: this is remotely exploitable on Windows 2000 Server.
CVE-2007-3036 1 Microsoft 5 Windows 2000, Windows 2003 Server, Windows Services For Unix and 2 more 2024-11-21 N/A
Unspecified vulnerability in the (1) Windows Services for UNIX 3.0 and 3.5, and (2) Subsystem for UNIX-based Applications in Microsoft Windows 2000, XP, Server 2003, and Vista allows local users to gain privileges via unspecified vectors related to "certain setuid binary files."
CVE-2007-3034 1 Microsoft 4 Windows 2000, Windows 2003 Server, Windows Server 2003 and 1 more 2024-11-21 N/A
Integer overflow in the AttemptWrite function in Graphics Rendering Engine (GDI) on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted metafile (image) with a large record length value, which triggers a heap-based buffer overflow.
CVE-2007-3027 1 Microsoft 5 Internet Explorer, Windows 2000, Windows 2003 Server and 2 more 2024-11-21 N/A
Race condition in Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to install multiple language packs in a way that triggers memory corruption, aka "Language Pack Installation Vulnerability."