CVE-2007-0217 – Microsoft Internet Explorer - FTP Server Response Denial of Service (MS07-016)
https://notcve.org/view.php?id=CVE-2007-0217
The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 and 6 might allow remote attackers to execute arbitrary code via an FTP server response of a specific length that causes a terminating null byte to be written outside of a buffer, which causes heap corruption.
• https://www.exploit-db.com/exploits/3444
• http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=473
• http://secunia.com/advisories/24156
• http://www.kb.cert.org/vuls/id/613564
• http://www.osvdb.org/31892
• http://www.securityfocus.com/archive/1/462303/100/0/threaded
• http://www.securityfocus.com/bid/22489
• http://www.securitytracker.com/id?1017642
• http://www.us-cert.gov/cas/techalerts/TA07-044A.html
• http://www.vupen.com/english/advisories/2007/0584
• https:
CVE-2006-1311
https://notcve.org/view.php?id=CVE-2006-1311
The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1; Office 2000 SP3, XP SP3, 2003 SP2, and Office 2004 for Mac; and Learning Essentials for Microsoft Office 1.0, 1.1, and 1.5 allows user-assisted remote attackers to execute arbitrary code via a malformed OLE object in an RTF file, which triggers memory corruption.
• http://secunia.com/advisories/24152
• http://www.kb.cert.org/vuls/id/368132
• http://www.osvdb.org/31886
• http://www.securityfocus.com/bid/21876
• http://www.securitytracker.com/id?1017640
• http://www.securitytracker.com/id?1017641
• http://www.us-cert.gov/cas/techalerts/TA07-044A.html
• http://www.vupen.com/english/advisories/2007/0582
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-013
• https://exchange.xforce.ibmcloud.com/vulnerabilities/30592
• https:/
CVE-2007-0026
https://notcve.org/view.php?id=CVE-2007-0026
The OLE Dialog component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption.
• http://secunia.com/advisories/24147
• http://www.kb.cert.org/vuls/id/497756
• http://www.osvdb.org/31885
• http://www.securityfocus.com/bid/22483
• http://www.securitytracker.com/id?1017637
• http://www.us-cert.gov/cas/techalerts/TA07-044A.html
• http://www.vupen.com/english/advisories/2007/0580
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-011
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A540
CVE-2007-0211
https://notcve.org/view.php?id=CVE-2007-0211
The hardware detection functionality in the Windows Shell in Microsoft Windows XP SP2 and Professional, and Server 2003 SP1 allows local users to gain privileges via an unvalidated parameter to a function related to the "detection and registration of new hardware."
• http://secunia.com/advisories/24126
• http://www.kb.cert.org/vuls/id/240796
• http://www.osvdb.org/31890
• http://www.securityfocus.com/bid/22481
• http://www.securitytracker.com/id?1017633
• http://www.us-cert.gov/cas/techalerts/TA07-044A.html
• http://www.vupen.com/english/advisories/2007/0575
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-006
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A224
CVE-2007-0214
https://notcve.org/view.php?id=CVE-2007-0214
The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2 and Professional, 2003 SP1 allows remote attackers to execute arbitrary code via unspecified functions, related to uninitialized parameters.
• http://secunia.com/advisories/24136
• http://www.kb.cert.org/vuls/id/563756
• http://www.osvdb.org/31884
• http://www.securityfocus.com/bid/22478
• http://www.securitytracker.com/id?1017635
• http://www.us-cert.gov/cas/techalerts/TA07-044A.html
• http://www.vupen.com/english/advisories/2007/0577
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-008
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A125