Page 11 of 102 results (0.003 seconds)

CVSS: 7.5EPSS: 95%CPEs: 8EXPL: 2

Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via PCT 1.0 handshake packets. Desbordamiento de búfer en la implementación del protocolo Private Communications Transport (PCT) en la librería SSL de Microsoft, usada en Microsoft Windows NT 4.0 SP6a, 2000 SP2 a SP4, XP SP1, Server 2003, NetMeeting, Windows 98, y Windows ME. • https://www.exploit-db.com/exploits/275 https://www.exploit-db.com/exploits/16334 http://www.kb.cert.org/vuls/id/586540 http://www.securityfocus.com/archive/1/361836 http://www.us-cert.gov/cas/techalerts/TA04-104A.html http://xforce.iss.net/xforce/alerts/id/168 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-011 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1093 https://oval.cisecurity.org/repository/ •

CVSS: 7.5EPSS: 40%CPEs: 6EXPL: 0

Unknown vulnerability in the H.323 protocol implementation in Windows 98, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code. Vulnerabilidad desconocida en la implementación del protocolo H.323 en Microsoft Windows 98, Windows 2000, Windows XP, y Windows Server 2003 permite a atacantes remotos ejecutar código arbitrario. • http://www.ciac.org/ciac/bulletins/o-114.shtml http://www.kb.cert.org/vuls/id/353956 http://www.us-cert.gov/cas/techalerts/TA04-104A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-011 https://exchange.xforce.ibmcloud.com/vulnerabilities/15710 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A907 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A946 https://oval.cisecurity.org/re •

CVSS: 5.1EPSS: 67%CPEs: 10EXPL: 0

A multi-threaded race condition in the Windows RPC DCOM functionality with the MS03-039 patch installed allows remote attackers to cause a denial of service (crash or reboot) by causing two threads to process the same RPC request, which causes one thread to use memory after it has been freed, a different vulnerability than CVE-2003-0352 (Blaster/Nachi), CVE-2003-0715, and CVE-2003-0528, and as demonstrated by certain exploits against those vulnerabilities. Una condición de carrera entre hebras de ejecución el la funcionalidad RPC DCOM de Windows con el parche MS03-039 instalado permite a atacantes remotos causar una denegación de servicio (caída o reinicio) haciendo que dos hebras procesen la misma petición RPC, lo que hace que una use memoria después de que haya sido liberada, una vulnerabilidad distinta de CAN-2003-0352 (Blaster/Nachi), CAN-2003-0715, y CAN-2003-0528, and que ha sido demostrada por ciertos "exploits" contra estas vulnerabilidades. • http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/011870.html http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/011886.html http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/011901.html http://marc.info/?l=bugtraq&m=106579825211708&w=2 http://marc.info/?l=bugtraq&m=106588827513795&w=2 http://marc.info/?l=ntbugtraq&m=106580303918155&w=2 http://www.kb.cert.org/vuls/id/547820 http://www.securityfocus.com/bid/8811 http://www • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •

CVSS: 7.5EPSS: 15%CPEs: 10EXPL: 1

Buffer overflow in the HTML Converter (HTML32.cnv) on various Windows operating systems allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via cut-and-paste operation, as demonstrated in Internet Explorer 5.0 using a long "align" argument in an HR tag. Desbordamiento de búfer en el Convertidor HTML (HTML32.cnv) de varios sistemas operativos Windows, permite a atacantes remotos causar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario mediante una operación de cortar-y-pegar, como se ha demostrado en Internet Explorer 5.0 usando un arguemento "align" larga en una etiqueta HR. • https://www.exploit-db.com/exploits/22824 http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006155.html http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/006067.html http://marc.info/?l=bugtraq&m=105639925122961&w=2 http://www.cert.org/advisories/CA-2003-14.html http://www.kb.cert.org/vuls/id/823260 http://www.securityfocus.com/bid/8016 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-023 •

CVSS: 7.5EPSS: 10%CPEs: 46EXPL: 0

Integer overflow in JsArrayFunctionHeapSort function used by Windows Script Engine for JScript (JScript.dll) on various Windows operating system allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail that uses a large array index value that enables a heap-based buffer overflow attack. Desbordamiento de enteros en JsArrayFunctionHeapSort usado en el Motor de script Windows de JScript (JScript.dll) en varios sistemas operativos Windows permite a atacantes remotos ejecutar código arbitrario mediante una página web maliciosao un correo electrónico HTML que usa un valor de índice de array largo que permite un ataque de desbordamiento de búfer basado en el montón (heap). • http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0139.html http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=26 http://marc.info/?l=bugtraq&m=104812108307645&w=2 http://www.securityfocus.com/bid/7146 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-008 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A134 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A200 https:/ •