Page 118 of 1003 results (0.007 seconds)

CVSS: 10.0EPSS: 44%CPEs: 11EXPL: 0

The Internet Authentication Service (IAS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly verify the credentials in an MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication request, which allows remote attackers to access network resources via a malformed request, aka "MS-CHAP Authentication Bypass Vulnerability." Internet Authentication Service (IAS) en Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP2, Vista Gold y SP1 y Server 2008 Gold no verifica de manera apropiada las credenciales en una petición de autenticación MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP), lo que permite a atacantes remotos tener acceso a recuersos de red mediante una petición malformada. También conocido como "Vulnerabilidad de evasión de autenticación MS-CHAP". • http://www.securitytracker.com/id?1023291 http://www.us-cert.gov/cas/techalerts/TA09-342A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-071 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6209 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-255: Credentials Management Errors •

CVSS: 9.3EPSS: 2%CPEs: 7EXPL: 0

The Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted media content. El codec Indeo en Microsoft Windows 2000 SP4, XP SP2 y SP3, y Server 2003 SP2 permite a atacantes remotos una denegación de servicio (corrupción de memoria) o posiblemente tener un impacto sin especificar otro impacto a través de contenido multimedia manipulado. • http://secunia.com/advisories/37592 http://securitytracker.com/id?1023302 http://support.microsoft.com/kb/954157 http://support.microsoft.com/kb/955759 http://support.microsoft.com/kb/976138 http://www.fortiguard.com/advisory/FGA-2009-45.html http://www.microsoft.com/technet/security/advisory/954157.mspx http://www.osvdb.org/60857 http://www.securityfocus.com/archive/1/508323/100/0/threaded http://www.securityfocus.com/bid/37251 http://www.vupen.com/english/advisories • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.3EPSS: 17%CPEs: 8EXPL: 0

Heap-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a large size value in a movi record in an IV41 stream in a media file, as demonstrated by an AVI file. Desbordamiento del búfer de la memoria dinámica en el codec Intel Indeo41 para Windows Media Player en Microsoft Windows 2000 SP4, XP SP2 y SP3, y Server 2003 SP2 permite a atacantes remotos ejecutar código arbitrario a través de un valor grande de tamaño en una grabación de película en un stream IV41 en un fichero multimedia, como se demuestra en un fichero AVI. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Intel Indeo41 codec which is accessed by various applications through the Video Compression Manager. This codec is registered to handle IV41 streams within a container such as the AVI format. • http://secunia.com/advisories/37592 http://securitytracker.com/id?1023302 http://support.microsoft.com/kb/954157 http://support.microsoft.com/kb/955759 http://support.microsoft.com/kb/976138 http://www.microsoft.com/technet/security/advisory/954157.mspx http://www.osvdb.org/60855 http://www.securityfocus.com/archive/1/508324/100/0/threaded http://www.securityfocus.com/bid/37251 http://www.vupen.com/english/advisories/2009/3440 http://zerodayinitiative.com/advisories/ZDI-09& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 17%CPEs: 8EXPL: 0

Stack-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted compressed video data in an IV41 stream in a media file, leading to many loop iterations, as demonstrated by data in an AVI file. Desbordamiento del búfer de la pila en el codec Intel Indeo41 codec para Windows Media Player en Microsoft Windows 2000 SP4, XP SP2 y SP3, y Server 2003 SP2 permite a atacantes remotos ejecutar código arbitrario a través de datos de vídeo comprimidos debidamente manipulados en un stream en un fichero multimedia que lleve a demasiadas iteraciones, como se demuestra con un fichero AVI. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Intel Indeo41 codec which is accessed by various applications through the Video Compression Manager. This codec is registered to handle IV41 streams within a container such as the AVI format. • http://secunia.com/advisories/37592 http://securitytracker.com/id?1023302 http://support.microsoft.com/kb/954157 http://support.microsoft.com/kb/955759 http://support.microsoft.com/kb/976138 http://www.microsoft.com/technet/security/advisory/954157.mspx http://www.osvdb.org/60856 http://www.securityfocus.com/archive/1/508335/100/0/threaded http://www.securityfocus.com/bid/37251 http://www.vupen.com/english/advisories/2009/3440 http://zerodayinitiative.com/advisories/ZDI-09& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 84%CPEs: 37EXPL: 0

Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3674. Microsoft Internet Explorer no maneja adecuadamente objetos en memoria, lo que permite a atacantes remotos ejecutar código de su elección accediendo a un objeto que (1) no fue inicializado adecuadamente o (2) es borrado, provocando una corrupción de memoria, conocido como "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3674. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required in that a user must visit a malicious web page. The specific flaw exists in the manipulation and parsing of certain HTML tags. The ordering of various objects in a malformed way results in memory corruption resulting in a call to a dangling pointer which can be further leveraged via a heap spray. • http://www.securitytracker.com/id?1023293 http://www.us-cert.gov/cas/techalerts/TA09-342A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-072 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6382 • CWE-399: Resource Management Errors CWE-416: Use After Free •