CVSS: 9.3EPSS: 96%CPEs: 14EXPL: 2CVE-2013-3918 – Microsoft Internet Explorer - CardSpaceClaimCollection ActiveX Integer Underflow (MS13-090)
https://notcve.org/view.php?id=CVE-2013-3918
12 Nov 2013 — The InformationCardSigninHelper Class ActiveX control in icardie.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted web page that is accessed by Internet Explorer, as exploited in the wild in November 2013, aka "InformationCard... • https://packetstorm.news/files/id/124183 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 96%CPEs: 12EXPL: 2CVE-2013-1347 – Microsoft Internet Explorer Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-1347
05 May 2013 — Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013. Microsoft Internet Explorer 8 no maneja adecuadamente los objetos en memoria, lo que permite a atacantes remotos ejecutar código de su elección cuando acceden al objeto que (1)no se ha asignado adecuadamente o (2) se ha eliminado, como han sido explotadas a lo largo... • https://www.exploit-db.com/exploits/25294 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-416: Use After Free •
CVSS: 10.0EPSS: 80%CPEs: 43EXPL: 0CVE-2013-0073
https://notcve.org/view.php?id=CVE-2013-0073
13 Feb 2013 — The Windows Forms (aka WinForms) component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict the privileges of a callback function during object creation, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "WinForms Callback Elevation Vulnerability." El componente Windows Forms (conocido como WinForms) de Microsoft .NET Framework v2.0 SP2, v3.5, v3.5.1, v4, y v4.5 no r... • http://www.us-cert.gov/cas/techalerts/TA13-043B.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 86%CPEs: 35EXPL: 0CVE-2013-0005
https://notcve.org/view.php?id=CVE-2013-0005
09 Jan 2013 — The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service (resource consumption and daemon restart) via crafted values in HTTP requests, aka "Replace Denial of Service Vulnerability." La función WCF Replace en la implementación del protocolo Open Data (alias OData) en Microsoft. NET Framework v3.5, v3.5 SP1, v3.5.1 y v... • http://www.us-cert.gov/cas/techalerts/TA13-008A.html • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 83%CPEs: 50EXPL: 1CVE-2012-4969 – Microsoft Internet Explorer Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2012-4969
18 Sep 2012 — Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in September 2012. Vulnerabilidad de error en la gestión de recursos en la función CMshtmlEd::Exec en mshtml.dll en Microsoft Internet Explorer 6 a 9 permite a atacantes remotos ejecutar código arbitrario a través de un sitio web diseñado, como se ha explotado en septiembre de 2012. This vulner... • https://www.exploit-db.com/exploits/21840 • CWE-416: Use After Free •
CVSS: 7.2EPSS: 0%CPEs: 12EXPL: 0CVE-2012-0178
https://notcve.org/view.php?id=CVE-2012-0178
09 May 2012 — Race condition in partmgr.sys in Windows Partition Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that makes multiple simultaneous Plug and Play (PnP) Configuration Manager function calls, aka "Plug and Play (PnP) Configuration Manager Vulnerability." Condición de carrera en partmgr.sys en Windows Partition Manager en Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, y R2 SP1,... • http://osvdb.org/81735 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 1CVE-2010-0233 – Microsoft Windows XP/Vista/2000/2003 - Double-Free Memory Corruption Privilege Escalation
https://notcve.org/view.php?id=CVE-2010-0233
10 Feb 2010 — Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application, aka "Windows Kernel Double Free Vulnerability." Vulnerabilidad de doble liberación en el núcleo de Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP2, Vista Gold, SP1, y SP2, y Server 2008 Gold y SP2, permite a usuarios locales obtener privilegios a través de una aplicación manipu... • https://www.exploit-db.com/exploits/33593 •
CVSS: 10.0EPSS: 36%CPEs: 4EXPL: 0CVE-2009-2505
https://notcve.org/view.php?id=CVE-2009-2505
09 Dec 2009 — The Internet Authentication Service (IAS) in Microsoft Windows Vista SP2 and Server 2008 SP2 does not properly validate MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication requests, which allows remote attackers to execute arbitrary code via crafted structures in a malformed request, aka "Internet Authentication Service Memory Corruption Vulnerability." The Internet Authentication Service (IAS) en Microsoft Windows Vista SP2 y Server 2008 SP2 no valida adecuadamente las peticiones ... • http://www.securitytracker.com/id?1023291 • CWE-287: Improper Authentication •
CVSS: 10.0EPSS: 96%CPEs: 10EXPL: 15CVE-2009-3103 – Microsoft Windows - SMB2 Negotiate Protocol '0x72' Response Denial of Service
https://notcve.org/view.php?id=CVE-2009-3103
08 Sep 2009 — Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via an & (ampersand) character in a Process ID High header field in a NEGOTIATE PROTOCOL REQUEST packet, which triggers an attempted dereference of an out-of-bounds memory location, aka "SMBv2 Negotiation Vulnerability." NOTE: some of these details are ... • https://packetstorm.news/files/id/180560 • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 38%CPEs: 18EXPL: 0CVE-2009-1930
https://notcve.org/view.php?id=CVE-2009-1930
12 Aug 2009 — The Telnet service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote Telnet servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, aka "Telnet Credential Reflection Vulnerability," a related issue to CVE-2000-0834. El servicio Telnet en Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP2, Vista Gold, SP1, y SP2, y Server 2008 Gold y SP2 permite a los servidores Telnet r... • http://osvdb.org/56904 • CWE-255: Credentials Management Errors •