CVSS: 8.5EPSS: 95%CPEs: 23EXPL: 2CVE-2007-3901 – Microsoft DirectX DirectShow - SAMI Buffer Overflow (MS07-064)
https://notcve.org/view.php?id=CVE-2007-3901
12 Dec 2007 — Stack-based buffer overflow in the DirectShow Synchronized Accessible Media Interchange (SAMI) parser in quartz.dll for Microsoft DirectX 7.0 through 10.0 allows remote attackers to execute arbitrary code via a crafted SAMI file. El desbordamiento de búfer en la región stack de la memoria en el analizador de intercambio de medios accesibles (SAMI) de DirectShow sincronizado en Quartz. dll para Microsoft DirectX versión 7.0 a la versión 10.0, permite a los atacantes remotos ejecutar código arbitrario a travé... • https://www.exploit-db.com/exploits/16442 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 55%CPEs: 37EXPL: 0CVE-2007-2374
https://notcve.org/view.php?id=CVE-2007-2374
30 Apr 2007 — Unspecified vulnerability in Microsoft Windows 2000, XP, and Server 2003 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source. Vulnerabilidad no especificada en Microsoft Windows 2000, XP, y Server 2003 permite a atacantes remotos con la complicidad del usuario ejecutar código de su elección mediante vectores no especificados. NOTA: est... • http://osvdb.org/35637 •
CVSS: 7.8EPSS: 47%CPEs: 29EXPL: 2CVE-2006-6696 – Microsoft Windows - 'MessageBox' Memory Corruption Local Denial of Service
https://notcve.org/view.php?id=CVE-2006-6696
22 Dec 2006 — Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted data, which sends a HardError message to Client/Server Runtime Server Subsystem (CSRSS) process, which is not properly handled when invoking the UserHardError and GetHardErrorText functions in WINSRV.DLL. Vulnerabilidad de liberación de memoria doble en Microsoft Windows 2000, XP, 2003, y Vista, permite a usuario... • https://www.exploit-db.com/exploits/2967 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 88%CPEs: 36EXPL: 1CVE-2006-0032 – Microsoft Indexing Service - Query Validation Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-0032
12 Sep 2006 — Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el Indexing Service dentro de Microsoft Windows 2000, XP, y Server 2003, cuando la opción Encoding está asiganado a Auto Se... • https://www.exploit-db.com/exploits/28500 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 95%CPEs: 21EXPL: 1CVE-2006-4495 – Microsoft Windows Server 2000 - Multiple COM Object Instantiation Code Execution Vulnerabilities
https://notcve.org/view.php?id=CVE-2006-4495
31 Aug 2006 — Microsoft Internet Explorer allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Windows 2000 ActiveX COM Objects including (1) ciodm.dll, (2) myinfo.dll, (3) msdxm.ocx, and (4) creator.dll. Microsoft Internet Explorer permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria) y posiblemente ejecutar código de su elección instanciando ciertos objetos Windows 2000 ActiveX COM incluyendo (1) ciodm.dll... • https://www.exploit-db.com/exploits/28420 •
CVSS: 7.5EPSS: 7%CPEs: 31EXPL: 2CVE-2006-3880 – Microsoft Windows XP/2000/2003 - Remote Denial of Service
https://notcve.org/view.php?id=CVE-2006-3880
27 Jul 2006 — Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Small Business Server 2003 allow remote attackers to cause a denial of service (IP stack hang) via a continuous stream of packets on TCP port 135 that have incorrect TCP header checksums and random numbers in certain TCP header fields, as demonstrated by the Achilles Windows Attack Tool. NOTE: the researcher reports that the Microsoft Security Response Center has stated "Our investigation which has included code review, review of the TCPDump, a... • https://www.exploit-db.com/exploits/28263 •
CVSS: 8.8EPSS: 9%CPEs: 55EXPL: 1CVE-2006-3351
https://notcve.org/view.php?id=CVE-2006-3351
06 Jul 2006 — Buffer overflow in Windows Explorer (explorer.exe) on Windows XP and 2003 allows user-assisted attackers to cause a denial of service (repeated crash) and possibly execute arbitrary code via a .url file with an InternetShortcut tag containing a long URL and a large number of "file:" specifiers. Desbordamiento de buffer en el Explorador de Windows (explorer.exe) de Windows XP y 2003. Permite a usuarios remotos con ayuda del usuario causar una denegación de servicio (indisponibilidad repetida de la aplicación... • http://securityreason.com/securityalert/1186 •
CVSS: 7.8EPSS: 80%CPEs: 32EXPL: 0CVE-2006-2378
https://notcve.org/view.php?id=CVE-2006-2378
13 Jun 2006 — Buffer overflow in the ART Image Rendering component (jgdw400.dll) in Microsoft Windows XP SP1 and Sp2, Server 2003 SP1 and earlier, and Windows 98 and Me allows remote attackers to execute arbitrary code via a crafted ART image that causes heap corruption. • http://secunia.com/advisories/20605 •
CVSS: 9.8EPSS: 94%CPEs: 59EXPL: 1CVE-2006-2379 – Microsoft Windows - TCP/IP Protocol Driver Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2006-2379
13 Jun 2006 — Buffer overflow in the TCP/IP Protocol driver in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via unknown vectors related to IP source routing. • https://www.exploit-db.com/exploits/1967 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 90%CPEs: 29EXPL: 0CVE-2006-2371
https://notcve.org/view.php?id=CVE-2006-2371
13 Jun 2006 — Buffer overflow in the Remote Access Connection Manager service (RASMAN) service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," that lead to registry corruption and stack corruption, aka the "RASMAN Registry Corruption Vulnerability." • http://secunia.com/advisories/20630 •