CVSS: 9.3EPSS: 95%CPEs: 29EXPL: 3CVE-2012-1889 – Microsoft XML Core Services Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2012-1889
13 Jun 2012 — Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. Microsoft XML Core Services 3.0, 4.0, 5.0, y 6.0 accede a localizaciones de memoria mal formadas, lo que permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web modificado. Microsoft XML Core Services cont... • https://www.exploit-db.com/exploits/19186 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 1CVE-2010-0233 – Microsoft Windows XP/Vista/2000/2003 - Double-Free Memory Corruption Privilege Escalation
https://notcve.org/view.php?id=CVE-2010-0233
10 Feb 2010 — Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application, aka "Windows Kernel Double Free Vulnerability." Vulnerabilidad de doble liberación en el núcleo de Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP2, Vista Gold, SP1, y SP2, y Server 2008 Gold y SP2, permite a usuarios locales obtener privilegios a través de una aplicación manipu... • https://www.exploit-db.com/exploits/33593 •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0CVE-2009-2515
https://notcve.org/view.php?id=CVE-2009-2515
14 Oct 2009 — Integer underflow in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application that triggers an incorrect truncation of a 64-bit integer to a 32-bit integer, aka "Windows Kernel Integer Underflow Vulnerability." Desbordamiento de entero en el kernel en Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP2, Vista Gold, SP1, y SP2, y Server 2008 Gold y SP2 permite a usuar... • http://www.us-cert.gov/cas/techalerts/TA09-286A.html • CWE-189: Numeric Errors •
CVSS: 5.5EPSS: 0%CPEs: 17EXPL: 1CVE-2009-0229
https://notcve.org/view.php?id=CVE-2009-0229
10 Jun 2009 — The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows local users to read arbitrary files via a crafted separator page, aka "Print Spooler Read File Vulnerability." Servicio de impresión de Windows en Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP2, Vista Gold, SP1 y SP2, y Server 2008 SP2 permite a usuarios locales leer archivos arbitrarios a través de un separador de página elaborado, alias "Vulnerabilida... • https://github.com/zveriu/CVE-2009-0229-PoC • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 74%CPEs: 46EXPL: 0CVE-2009-1529 – Microsoft Internet Explorer setCapture Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2009-1529
10 Jun 2009 — Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by calling the setCapture method on a collection of crafted objects, aka "Uninitialized Memory Corruption Vulnerability." Microsoft Internet Explorer 7 para Windows XP SP2 y SP3; 7 para Server 2003 SP2; 7 para Vista Gold, SP1 y SP2; y 7 para Server 2008 SP2, no maneja apro... • http://osvdb.org/54948 • CWE-399: Resource Management Errors CWE-908: Use of Uninitialized Resource •
CVSS: 9.3EPSS: 83%CPEs: 46EXPL: 0CVE-2009-1530 – Microsoft Internet Explorer Event Handler Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2009-1530
10 Jun 2009 — Use-after-free vulnerability in Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code by repeatedly adding HTML document nodes and calling event handlers, which triggers an access of an object that (1) was not properly initialized or (2) is deleted, aka "HTML Objects Memory Corruption Vulnerability." Vulnerabilidad de Uso de la Memoria Previamente Liberada en Microsoft Inter... • http://osvdb.org/54949 • CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 71%CPEs: 17EXPL: 1CVE-2008-4029 – Microsoft XML Core Services DTD - Cross-Domain Scripting (MS08-069)
https://notcve.org/view.php?id=CVE-2008-4029
12 Nov 2008 — Cross-domain vulnerability in Microsoft XML Core Services 3.0 and 4.0, as used in Internet Explorer, allows remote attackers to obtain sensitive information from another domain via a crafted XML document, related to improper error checks for external DTDs, aka "MSXML DTD Cross-Domain Scripting Vulnerability." Vulnerabilidad de dominios cruzados en Microsoft XML Core Services v3.0 y v4.0, como lo utilizado en Internet Explorer, permite a atacantes remotos obtener información sensible de otro dominio a través... • https://www.exploit-db.com/exploits/7196 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 1%CPEs: 2049EXPL: 1CVE-2008-4609
https://notcve.org/view.php?id=CVE-2008-4609
20 Oct 2008 — The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress. La implementación del protocolo TCP en (1) Linux, (2) plataformas basadas en BSD Unix, (3) Microsoft Windows, (4) productos Cisco, y probablemente otros sistemas operativos, p... • https://github.com/mrclki/sockstress • CWE-16: Configuration •
CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 0CVE-2008-2250
https://notcve.org/view.php?id=CVE-2008-2250
15 Oct 2008 — The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate window properties sent from a parent window to a child window during creation of a new window, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Window Creation Vulnerability." El kernel de Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP1 y SP2, Vista Gold y SP1 y Server 2008 no valida correctamente las propiedades... • http://marc.info/?l=bugtraq&m=122479227205998&w=2 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 0CVE-2008-2251
https://notcve.org/view.php?id=CVE-2008-2251
15 Oct 2008 — Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that makes system calls within multiple threads, aka "Windows Kernel Unhandled Exception Vulnerability." NOTE: according to Microsoft, this is not a duplicate of CVE-2008-4510. Vulnerabilidad de doble liberación en el núcleo en Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP1 y SP2, Vista G... • http://marc.info/?l=bugtraq&m=122479227205998&w=2 • CWE-399: Resource Management Errors •