CVSS: 6.5EPSS: 85%CPEs: 31EXPL: 2CVE-2013-7331 – Microsoft Internet Explorer Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2013-7331
26 Feb 2014 — The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier allows remote attackers to determine the existence of local pathnames, UNC share pathnames, intranet hostnames, and intranet IP addresses by examining error codes, as demonstrated by a res:// URL, and exploited in the wild in February 2014. El control ActiveX Microsoft.XMLDOM en Microsoft Windows 8.1 y anteriores permite a atacantes remotos determinar la existencia de nombres de rutas locales, nombres de rutas compartidas UNC, nombres... • https://packetstorm.news/files/id/180667 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 7.1EPSS: 37%CPEs: 14EXPL: 0CVE-2014-0266
https://notcve.org/view.php?id=CVE-2014-0266
12 Feb 2014 — The XMLHTTP ActiveX controls in XML Core Services 3.0 in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to bypass the Same Origin Policy via a web page that is visited in Internet Explorer, aka "MSXML Information Disclosure Vulnerability." Los controles ActiveX XMLHTTP en XML Core Services 3.0 en Microsoft Windows XP SP2... • http://osvdb.org/103189 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 1%CPEs: 3EXPL: 0CVE-2013-3878
https://notcve.org/view.php?id=CVE-2013-3878
11 Dec 2013 — Stack-based buffer overflow in the LRPC client in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges by operating an LRPC server that sends a crafted LPC port message, aka "LRPC Client Buffer Overrun Vulnerability." Desbordamiento de búfer basado en pila en el cliente LRPC de Microsoft Windows XP SP2 y SP3 y Server 2003 SP2 permite a usuarios locales obtener privilegios mediante la disposición de un servidor LRPC que envíe un mensaje manipulado en el puerto LPC, tambi... • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-102 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2013-3899
https://notcve.org/view.php?id=CVE-2013-3899
11 Dec 2013 — win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate addresses, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability." win32k.sys en los drivers de modo kernel en Microsoft Windows XP SP2, SP3. Server 2003 SP2 no valida apropiadamente direcciones, lo que permite a usuarios locales obtener privilegios a través de una aplicacion manipulada, tambien conocido como "Vulnerabilidad de ... • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-101 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 37%CPEs: 14EXPL: 0CVE-2013-5056
https://notcve.org/view.php?id=CVE-2013-5056
11 Dec 2013 — Use-after-free vulnerability in the Scripting Runtime Object Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site that is visited with Internet Explorer, aka "Use-After-Free Vulnerability in Microsoft Scripting Runtime... • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-099 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 2%CPEs: 14EXPL: 2CVE-2013-5058 – Microsoft Windows Kernel - 'win32k.sys' Integer Overflow (MS13-101)
https://notcve.org/view.php?id=CVE-2013-5058
11 Dec 2013 — Integer overflow in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows local users to gain privileges via a crafted application, aka "Win32k Integer Overflow Vulnerability." Desbordamiento de enteros en los controladores en modo kernel de Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 y... • https://packetstorm.news/files/id/124403 • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 80%CPEs: 24EXPL: 7CVE-2013-3900 – Microsoft WinVerifyTrust function Remote Code Execution
https://notcve.org/view.php?id=CVE-2013-3900
11 Dec 2013 — The WinVerifyTrust function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly validate PE file digests during Authenticode signature verification, which allows remote attackers to execute arbitrary code via a crafted PE file, aka "WinVerifyTrust Signature Validation Vulnerability." La función WinVerifyTrust en Microsoft Windo... • https://github.com/snoopopsec/vulnerability-CVE-2013-3900 • CWE-20: Improper Input Validation CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.8EPSS: 58%CPEs: 3EXPL: 7CVE-2013-5065 – Microsoft Windows Kernel Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2013-5065
27 Nov 2013 — NDProxy.sys in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in November 2013. NDProxy.sys del kernel de Microsoft Windows XP SP2 y SP3 y Server 2003 SP2 permite a usuarios locales obtener privilegios a través de una aplicación manipulada, tal y como se explotó activamente en noviembre de 2013. Microsoft Windows NDProxy.sys in the kernel contains an improper input validation vulnerability which can... • https://packetstorm.news/files/id/124466 •
CVSS: 7.1EPSS: 2%CPEs: 15EXPL: 0CVE-2013-3876
https://notcve.org/view.php?id=CVE-2013-3876
16 Nov 2013 — DirectAccess in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly verify server X.509 certificates, which allows man-in-the-middle attackers to spoof servers and read encrypted domain credentials via a crafted certificate. DirectAccess en Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP1 y SP2, W... • http://technet.microsoft.com/security/advisory/2862152 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 67%CPEs: 14EXPL: 0CVE-2013-3940
https://notcve.org/view.php?id=CVE-2013-3940
13 Nov 2013 — Integer overflow in the Graphics Device Interface (GDI) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image in a Windows Write (.wri) document, which is not properly handled in WordPad, aka "Graphics Device Interface Integer Ove... • http://www.us-cert.gov/ncas/alerts/TA13-317A • CWE-190: Integer Overflow or Wraparound •