cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2007-6753,https://securityvulnerability.io/vulnerability/CVE-2007-6753,,"Untrusted search path vulnerability in Shell32.dll in Microsoft Windows 2000, Windows XP, Windows Vista, Windows Server 2008, and Windows 7, when using an environment configured with a string such as %APPDATA% or %PROGRAMFILES% in a certain way, allows local users to gain privileges via a Trojan horse DLL under the current working directory, as demonstrated by iTunes and Safari.",Microsoft,"Windows 2000,Windows Server 2008,Windows Vista,Windows 7,Windows Xp",,,0.0004400000034365803,false,false,false,false,,false,false,2012-03-28T19:00:00.000Z,0
CVE-2010-4562,https://securityvulnerability.io/vulnerability/CVE-2010-4562,,"Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping. NOTE: due to a typo, some sources map CVE-2010-4562 to a ProFTPd mod_sql vulnerability, but that issue is covered by CVE-2010-4652.",Microsoft,"Windows 2000,Windows Server 2008,Windows Vista,Windows 7,Windows 2003 Server,Windows Xp",,,0.005499999970197678,false,false,false,false,,false,false,2012-02-02T17:55:00.000Z,0
CVE-2010-1255,https://securityvulnerability.io/vulnerability/CVE-2010-1255,,"The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 allows local users to execute arbitrary code via vectors related to ""glyph outline information"" and TrueType fonts, aka ""Win32k TrueType Font Parsing Vulnerability.""",Microsoft,Windows 2000,,,0.002460000105202198,false,false,false,false,,false,false,2010-06-08T22:00:00.000Z,0
CVE-2010-0485,https://securityvulnerability.io/vulnerability/CVE-2010-0485,,"The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 ""do not properly validate all callback parameters when creating a new window,"" which allows local users to execute arbitrary code, aka ""Win32k Window Creation Vulnerability.""",Microsoft,Windows 2000,,,0.0014700000174343586,false,false,false,false,,false,false,2010-06-08T22:00:00.000Z,0
CVE-2010-0484,https://securityvulnerability.io/vulnerability/CVE-2010-0484,,"The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 ""do not properly validate changes in certain kernel objects,"" which allows local users to execute arbitrary code via vectors related to Device Contexts (DC) and the GetDCEx function, aka ""Win32k Improper Data Validation Vulnerability.""",Microsoft,Windows 2000,,,0.0014799999771639705,false,false,false,false,,false,false,2010-06-08T22:00:00.000Z,0
CVE-2010-0819,https://securityvulnerability.io/vulnerability/CVE-2010-0819,,"Unspecified vulnerability in the Windows OpenType Compact Font Format (CFF) driver in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users to execute arbitrary code via unknown vectors related to improper validation when copying data from user mode to kernel mode, aka ""OpenType CFF Font Driver Memory Corruption Vulnerability.""",Microsoft,Windows 2000,,,0.001509999972768128,false,false,false,false,,false,false,2010-06-08T20:00:00.000Z,0
CVE-2010-1689,https://securityvulnerability.io/vulnerability/CVE-2010-1689,,"The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 uses predictable transaction IDs that are formed by incrementing a previous ID by 1, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025.",Microsoft,Windows 2000,,,0.005940000060945749,false,false,false,false,,false,false,2010-05-07T18:30:00.000Z,0
CVE-2010-1690,https://securityvulnerability.io/vulnerability/CVE-2010-1690,,"The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 does not verify that transaction IDs of responses match transaction IDs of queries, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025.",Microsoft,Windows 2000,,,0.5206999778747559,false,false,false,false,,false,false,2010-05-07T18:30:00.000Z,0
CVE-2010-1735,https://securityvulnerability.io/vulnerability/CVE-2010-1735,,"The SfnLOGONNOTIFY function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x4c value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.",Microsoft,"Windows 2003 Server,Windows Xp,Windows 2000,Windows Server 2003",,,0.0004299999854993075,false,false,false,false,,false,false,2010-05-06T12:47:00.000Z,0
CVE-2010-1734,https://securityvulnerability.io/vulnerability/CVE-2010-1734,,"The SfnINSTRING function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x18d value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.",Microsoft,"Windows 2003 Server,Windows Xp,Windows 2000,Windows Server 2003",,,0.0004199999966658652,false,false,false,false,,false,false,2010-05-06T12:47:00.000Z,0
CVE-2010-0235,https://securityvulnerability.io/vulnerability/CVE-2010-0235,,"The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not perform the expected validation before creating a symbolic link, which allows local users to cause a denial of service (reboot) via a crafted application, aka ""Windows Kernel Symbolic Link Value Vulnerability.""",Microsoft,Windows 2000,,,0.0024900001008063555,false,false,false,false,,false,false,2010-04-14T15:44:00.000Z,0
CVE-2010-0236,https://securityvulnerability.io/vulnerability/CVE-2010-0236,,"The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not properly allocate memory for the destination key associated with a symbolic-link registry key, which allows local users to gain privileges via a crafted application, aka ""Windows Kernel Memory Allocation Vulnerability.""",Microsoft,Windows 2000,,,0.0006799999973736703,false,false,false,false,,false,false,2010-04-14T15:44:00.000Z,0
CVE-2010-0237,https://securityvulnerability.io/vulnerability/CVE-2010-0237,,"The kernel in Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows local users to gain privileges by creating a symbolic link from an untrusted registry hive to a trusted registry hive, aka ""Windows Kernel Symbolic Link Creation Vulnerability.""",Microsoft,Windows 2000,,,0.0009399999980814755,false,false,false,false,,false,false,2010-04-14T15:44:00.000Z,0
CVE-2010-0480,https://securityvulnerability.io/vulnerability/CVE-2010-0480,,"Multiple stack-based buffer overflows in the MPEG Layer-3 audio codecs in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to execute arbitrary code via a crafted AVI file, aka ""MPEG Layer-3 Audio Decoder Stack Overflow Vulnerability.""",Microsoft,Windows 2000,,,0.9652400016784668,false,false,false,false,,false,false,2010-04-14T15:44:00.000Z,0
CVE-2010-0234,https://securityvulnerability.io/vulnerability/CVE-2010-0234,,"The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate a registry-key argument to an unspecified system call, which allows local users to cause a denial of service (reboot) via a crafted application, aka ""Windows Kernel Null Pointer Vulnerability.""",Microsoft,Windows 2000,,,0.0024399999529123306,false,false,false,false,,false,false,2010-04-14T15:44:00.000Z,0
CVE-2010-0238,https://securityvulnerability.io/vulnerability/CVE-2010-0238,,"Unspecified vulnerability in registry-key validation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold allows local users to cause a denial of service (reboot) via a crafted application, aka ""Windows Kernel Registry Key Vulnerability.""",Microsoft,Windows 2000,,,0.0024900001008063555,false,false,false,false,,false,false,2010-04-14T15:44:00.000Z,0
CVE-2010-0478,https://securityvulnerability.io/vulnerability/CVE-2010-0478,,"Stack-based buffer overflow in nsum.exe in the Windows Media Unicast Service in Media Services for Microsoft Windows 2000 Server SP4 allows remote attackers to execute arbitrary code via crafted packets associated with transport information, aka ""Media Services Stack-based Buffer Overflow Vulnerability.""",Microsoft,Windows 2000,,,0.9688299894332886,false,false,false,false,,false,false,2010-04-14T15:44:00.000Z,0
CVE-2010-0025,https://securityvulnerability.io/vulnerability/CVE-2010-0025,,"The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2000 SP3, does not properly allocate memory for SMTP command replies, which allows remote attackers to read fragments of e-mail messages by sending a series of invalid commands and then sending a STARTTLS command, aka ""SMTP Memory Allocation Vulnerability.""",Microsoft,Windows 2000,,,0.11513999849557877,false,false,false,false,,false,false,2010-04-14T15:44:00.000Z,0
CVE-2010-0268,https://securityvulnerability.io/vulnerability/CVE-2010-0268,,"Unspecified vulnerability in the Windows Media Player ActiveX control in Windows Media Player (WMP) 9 on Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows remote attackers to execute arbitrary code via crafted media content, aka ""Media Player Remote Code Execution Vulnerability.""",Microsoft,"Windows Media Player,Windows 2000",,,0.8367900252342224,false,false,false,false,,false,false,2010-04-14T15:44:00.000Z,0
CVE-2010-0024,https://securityvulnerability.io/vulnerability/CVE-2010-0024,,"The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2003 SP2, does not properly parse MX records, which allows remote DNS servers to cause a denial of service (service outage) via a crafted response to a DNS MX record query, aka ""SMTP Server MX Record Vulnerability.""",Microsoft,Windows 2000,,,0.01565999910235405,false,false,false,false,,false,false,2010-04-14T15:44:00.000Z,0
CVE-2010-0805,https://securityvulnerability.io/vulnerability/CVE-2010-0805,,"The Tabular Data Control (TDC) ActiveX control in Microsoft Internet Explorer 5.01 SP4, 6 on Windows XP SP2 and SP3, and 6 SP1 allows remote attackers to execute arbitrary code via a long URL (DataURL parameter) that triggers memory corruption in the CTDCCtl::SecurityCHeckDataURL function, aka ""Memory Corruption Vulnerability.""",Microsoft,"Internet Explorer,Windows 2000",,,0.9641600251197815,false,false,false,false,,false,false,2010-03-31T19:00:00.000Z,0
CVE-2010-0917,https://securityvulnerability.io/vulnerability/CVE-2010-0917,,"Stack-based buffer overflow in VBScript in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, might allow user-assisted remote attackers to execute arbitrary code via a long string in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution when the F1 key is pressed, a different vulnerability than CVE-2010-0483.",Microsoft,"Windows 2000,Windows 2003 Server,Windows Server 2003,Windows Xp",,,0.24247999489307404,false,false,false,false,,false,false,2010-03-03T19:00:00.000Z,0
CVE-2010-0483,https://securityvulnerability.io/vulnerability/CVE-2010-0483,,"vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local pathname, (2) UNC share pathname, or (3) WebDAV server with a crafted .hlp file in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution involving winhlp32.exe when the F1 key is pressed, aka ""VBScript Help Keypress Vulnerability.""",Microsoft,"Windows 2000,Windows 2003 Server,Windows Server 2003,Windows Xp",,,0.972819983959198,false,false,false,false,,false,false,2010-03-03T19:00:00.000Z,0
CVE-2010-0719,https://securityvulnerability.io/vulnerability/CVE-2010-0719,,"An unspecified API in Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 does not validate arguments, which allows local users to cause a denial of service (system crash) via a crafted application.",Microsoft,"Windows 2000,Windows Server 2008,Windows Vista,Windows 7,Windows 2003 Server,Windows Xp",,,0.00044999999227002263,false,false,false,false,,false,false,2010-02-26T19:00:00.000Z,0
CVE-2010-0233,https://securityvulnerability.io/vulnerability/CVE-2010-0233,,"Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application, aka ""Windows Kernel Double Free Vulnerability.""",Microsoft,"Windows Server 2008,Windows Vista,Windows 2000,Windows Xp,Windows Server 2003",,,0.0004400000034365803,false,false,false,false,,false,false,2010-02-10T18:00:00.000Z,0