NO CVE ID RISK LEVEL VULNERABILITY TYPE DESCRIPTION

1 CVE-2013-0075 High DoS The TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008
SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012,
and Windows RT allows remote attackers to cause a denial of service (reboot) via a
crafted packet that terminates a TCP connection, aka "TCP FIN WAIT Vulnerability."
2 CVE-2013-0008 High +Priv win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows
Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows
Server 2012, and Windows RT does not properly handle window broadcast
messages, which allows local users to gain privileges via a crafted application, aka
"Win32k Improper Message Handling Vulnerability."
3 CVE-2012-2556 Critical Exec Code The OpenType Font (OTF) driver in the kernel-mode drivers in Microsoft Windows
XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server
2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server
2012, and Windows RT allows remote attackers to execute arbitrary code via a
crafted OpenType font file, aka "OpenType Font Parsing Vulnerability."
4 High +Priv win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3,
CVE-2012-1893 Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2,
and R2 SP1, and Windows 7 Gold and SP1 does not properly validate callback
parameters during creation of a hook procedure, which allows local users to gain
privileges via a crafted application, aka "Win32k Incorrect Type Handling
Vulnerability."

5 High +Priv win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3,
CVE-2012-1890 Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and
R2 SP1, and Windows 7 Gold and SP1 does not properly handle keyboard-layout
files, which allows local users to gain privileges via a crafted application, aka
"Keyboard Layout Vulnerability."
6 CVE-2012-1870 Medium +Info The CBC mode in the TLS protocol, as used in Microsoft Windows XP SP2 and SP3,
Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and
R2 SP1, Windows 7 Gold and SP1, and other products, allows remote web servers
to obtain plaintext data by triggering multiple requests to a third-party HTTPS
server and sniffing the network during the resulting HTTPS session, aka "TLS
Protocol Vulnerability."
7 CVE-2012-1848 High +Priv win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3,
Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and
R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not
properly handle user-mode input passed to kernel mode, which allows local users
to gain privileges via a crafted application, aka "Scrollbar Calculation Vulnerability."
8 CVE-2012-0180 High +Priv win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3,
Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and
R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not
properly handle user-mode input passed to kernel mode for (1) windows and (2)
 messages, which allows local users to gain privileges via a crafted application, aka
"Windows and Messages Vulnerability."
9 CVE-2012-0173 Critical Exec Code The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2
and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008
SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process
packets in memory, which allows remote attackers to execute arbitrary code by
sending crafted RDP packets triggering access to an object that (1) was not
properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability," a
different vulnerability than CVE-2012-0002.
10 High +Priv win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3,
CVE-2012-0157 Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2,
and R2 SP1, and Windows 7 Gold and SP1 does not properly handle window
messaging, which allows local users to gain privileges via a crafted application
that calls the PostMessage function, aka "PostMessage Function Vulnerability."

11 CVE-2012-0156 Medium Dos DirectWrite in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2
SP1, and Windows 7 Gold and SP1 does not properly render Unicode characters,
which allows remote attackers to cause a denial of service (application hang) via a
(1) instant message or (2) web site, aka "DirectWrite Application Denial of Service
Vulnerability."
12 CVE-2012-0154 High +Priv Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft
Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2,
Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows
local users to gain privileges via a crafted application that triggers keyboard layout
errors, aka "Keyboard Layout Use After Free Vulnerability."
13 CVE-2012-0152 Medium Dos The Remote Desktop Protocol (RDP) service in Microsoft Windows Server 2008 R2
and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial
of service (application hang) via a series of crafted packets, aka "Terminal Server
Denial of Service Vulnerability."
14 CVE-2012-0151 Critical Exec Code The Authenticode Signature Verification function in Microsoft Windows XP SP2 and
SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2,
R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does
not properly validate the digest of a signed portable executable (PE) file, which
allows user-assisted remote attackers to execute arbitrary code via a modified file
with additional content, aka "WinVerifyTrust Signature Validation Vulnerability."
15 Critical Exec Code Overflow Buffer overflow in msvcrt.dll in Microsoft Windows Vista SP2, Windows Server 2008
CVE-2012-0150 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to
execute arbitrary code via a crafted media file, aka "Msvcrt.dll Buffer Overflow
Vulnerability."
16 CVE-2012-0148 High +Priv afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2, Windows
Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1,
and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate user-
mode input passed to kernel mode, which allows local users to gain privileges via a
crafted application, aka "AfdPoll Elevation of Privilege Vulnerability."
17 CVE-2012-0013 Critical Exec Code Incomplete blacklist vulnerability in the Windows Packager configuration in
Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista
SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1
allows remote attackers to execute arbitrary code via a crafted ClickOnce
application in a Microsoft Office document, related to .application files, aka
"Assembly Execution Vulnerability."

18 CVE-2012-0004 Critical Exec Code Unspecified vulnerability in DirectShow in DirectX in Microsoft Windows XP SP2 and
SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2,
R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute
arbitrary code via a crafted media file, related to Quartz.dll, Qdvd.dll, closed
captioning, and the Line21 DirectShow filter, aka "DirectShow Remote Code
Execution Vulnerability."
19 CVE-2012-0003 Critical Exec Code Unspecified vulnerability in winmm.dll in Windows Multimedia Library in Windows
Media Player (WMP) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista
SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via a
crafted MIDI file, aka "MIDI Remote Code Execution Vulnerability."
20 CVE-2012-0002 Critical Exec Code The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2
and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008
SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process
packets in memory, which allows remote attackers to execute arbitrary code by
sending crafted RDP packets triggering access to an object that (1) was not
properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability."
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50

https://www.cvedetails.com/vulnerability-
list.php?vendor_id=26&product_id=11366&version_id=91068&page=1&hasexp=0&opdos=0&opec=0&opov=0&opcsrf=0&opgpriv=0&opsqli=0&
opxss=0&opdirt=0&opmemc=0&ophttprs=0&opbyp=0&opfileinc=0&opginf=0&cvssscoremin=0&cvssscoremax=0&year=0&month=0&cweid=0&
order=1&trc=119&sha=c6a87068fb2e9ce59a31362f3d67d4e56fe70134

https://www.cvedetails.com/vulnerability-list/vendor_id-26/product_id-3436/version_id-92758/Microsoft-IIS-7.5.html

https://www.cvedetails.com/vulnerability-list/vendor_id-16/product_id-6130/version_id-27261/Cisco-PIX-7.0.html