CVE-2004-1319
https://notcve.org/view.php?id=CVE-2004-1319
The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by "AbusiveParent" in Internet Explorer 6.0.2900.2180. • http://archives.neohapsis.com/archives/bugtraq/2004-12/0167.html http://freehost07.websamba.com/greyhats/abusiveparent-discussion.htm http://secunia.com/advisories/13482 http://www.kb.cert.org/vuls/id/356600 http://www.securityfocus.com/bid/11950 http://www.us-cert.gov/cas/techalerts/TA05-039A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-013 https://exchange.xforce.ibmcloud.com/vulnerabilities/18504 https://oval.cisecurity.org/repository/search/definitio •
CVE-2004-0894 – Microsoft Windows - Improper Token Validation Privilege Escalation
https://notcve.org/view.php?id=CVE-2004-0894
LSASS (Local Security Authority Subsystem Service) of Windows 2000 Server and Windows Server 2003 does not properly validate connection information, which allows local users to gain privileges via a specially-designed program. El Servicio del Subsistema de la Autoridad de Seguridad Local (LSASS) de Windows 2000 Server and Windows Server 2003 no valida adecuadamente la información de conexión, lo que permite a usuarios locales ganar privilegios mediante un programa especialmente diseñado. • https://www.exploit-db.com/exploits/749 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-044 https://exchange.xforce.ibmcloud.com/vulnerabilities/18340 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1888 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2062 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3312 https://oval.cisecurity.org/repository/search/definition/ova •
CVE-2004-0571
https://notcve.org/view.php?id=CVE-2004-0571
Microsoft Word for Windows 6.0 Converter does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Table Conversion Vulnerability," a different vulnerability than CVE-2004-0901. El Convertidor de Microsoft Word para Windows 6.0 no valida adecuadamente ciertas longitudes de datos, lo que permite a atacantes remotos ejecutar código arbitrario mediante ficheros .wri, .rtf y .doc enviado por correo electrónico o un sitio web malicioso, también conocida como "Vulnerabilidad de conversión de tabla". • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-041 https://exchange.xforce.ibmcloud.com/vulnerabilities/18337 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1168 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1417 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1959 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1976 https://ov •
CVE-2004-1080 – Microsoft Windows - 'WINS' Remote Buffer Overflow (MS04-045)
https://notcve.org/view.php?id=CVE-2004-1080
The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 42, aka the "Association Context Vulnerability." El servicio WINS (wins.exe) de Microsoft Windows NT Server 4.0, Windows 2000 Server y Windows Server 2003 permite a atacantes remotos escribir localizaciones de memoria arbitrarias y posiblemente ejecutar código arbitrario mediante un puntero de memoria modificado en un paquete de replicación WINS al puerto TCP 42. • https://www.exploit-db.com/exploits/909 https://www.exploit-db.com/exploits/16359 http://marc.info/?l=bugtraq&m=110150370506704&w=2 http://secunia.com/advisories/13328 http://securitytracker.com/id?1012516 http://support.microsoft.com/kb/890710 http://www.ciac.org/ciac/bulletins/p-054.shtml http://www.immunitysec.com/downloads/instantanea.pdf http://www.kb.cert.org/vuls/id/145134 http://www.osvdb.org/12378 http://www.securityfocus.com/bid/11763 http:// •
CVE-2004-0839
https://notcve.org/view.php?id=CVE-2004-0839
Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html". • http://marc.info/?l=bugtraq&m=109303291513335&w=2 http://marc.info/?l=bugtraq&m=109336221826652&w=2 http://seclists.org/lists/fulldisclosure/2004/Aug/0868.html http://www.kb.cert.org/vuls/id/526089 http://www.securityfocus.com/bid/10973 http://www.us-cert.gov/cas/techalerts/TA04-293A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038 https://exchange.xforce.ibmcloud.com/vulnerabilities/17044 https://oval.cisecurity.org/repository/search •