CVSS: 9.3EPSS: 43%CPEs: 25EXPL: 0CVE-2012-2556
https://notcve.org/view.php?id=CVE-2012-2556
12 Dec 2012 — The OpenType Font (OTF) driver in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to execute arbitrary code via a crafted OpenType font file, aka "OpenType Font Parsing Vulnerability." El controlador OpenType Font (OTF) en los controladores modo kernel en Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Window... • http://www.us-cert.gov/cas/techalerts/TA12-346A.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 59%CPEs: 21EXPL: 0CVE-2012-1891 – Microsoft Internet Explorer MSADO CacheSize Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-1891
10 Jul 2012 — Heap-based buffer overflow in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2 and Windows Data Access Components (WDAC) 6.0 allows remote attackers to execute arbitrary code via crafted XML data that triggers access to an uninitialized object in memory, aka "ADO Cachesize Heap Overflow RCE Vulnerability." Desbordamiento de búfer basado en memoria dinámica en Microsoft Data Access Components (MDAC) v2.8 SP1 y SP2 y Windows Data Access Components (WDAC) v6.0, permite a atacantes remotos ejecutar códig... • http://www.us-cert.gov/cas/techalerts/TA12-192A.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-908: Use of Uninitialized Resource •
CVSS: 5.3EPSS: 10%CPEs: 13EXPL: 0CVE-2012-1870
https://notcve.org/view.php?id=CVE-2012-1870
10 Jul 2012 — The CBC mode in the TLS protocol, as used in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and other products, allows remote web servers to obtain plaintext data by triggering multiple requests to a third-party HTTPS server and sniffing the network during the resulting HTTPS session, aka "TLS Protocol Vulnerability." El modo CBC en el protocolo TLS, tal como se utiliza en Microsoft Windows XP SP2 y SP3, Windows ... • http://www.us-cert.gov/cas/techalerts/TA12-192A.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2012-1890
https://notcve.org/view.php?id=CVE-2012-1890
10 Jul 2012 — win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle keyboard-layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout Vulnerability." win32k.sys en los controladores en Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, y R2 SP1, y Windows 7 Gold y ... • http://www.us-cert.gov/cas/techalerts/TA12-192A.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2012-1893
https://notcve.org/view.php?id=CVE-2012-1893
10 Jul 2012 — win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate callback parameters during creation of a hook procedure, which allows local users to gain privileges via a crafted application, aka "Win32k Incorrect Type Handling Vulnerability." win32k.sys en los controladores del kernel en Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista S... • http://www.us-cert.gov/cas/techalerts/TA12-192A.html • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 93%CPEs: 29EXPL: 3CVE-2012-1889 – Microsoft XML Core Services Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2012-1889
13 Jun 2012 — Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. Microsoft XML Core Services 3.0, 4.0, 5.0, y 6.0 accede a localizaciones de memoria mal formadas, lo que permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web modificado. Microsoft XML Core Services cont... • https://www.exploit-db.com/exploits/19186 • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 54%CPEs: 13EXPL: 0CVE-2012-0173
https://notcve.org/view.php?id=CVE-2012-0173
12 Jun 2012 — The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability," a different vulnerability than CVE-2012-0002. La ... • http://www.us-cert.gov/cas/techalerts/TA12-164A.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 47%CPEs: 33EXPL: 0CVE-2012-1855 – Microsoft .NET Framework Clipboard Unsafe Memory Access Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-1855
12 Jun 2012 — Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly handle function pointers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Memory Access Vulnerability." Microsoft .NET Framework v2.0 SP2, v3.5, v3.5.1, v4, y v4.5 no maneja adecuadamente los punteros de función, lo que permite a atacantes remotos ejecutar código arbitrario a través de (1) una aplicación nave... • http://www.us-cert.gov/cas/techalerts/TA12-164A.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 67%CPEs: 30EXPL: 1CVE-2012-1858 – Microsoft Internet Explorer 9 / SharePoint / Lync - toStaticHTML HTML Sanitizing Bypass (MS12-037/MS12-039/MS12-050)
https://notcve.org/view.php?id=CVE-2012-1858
12 Jun 2012 — The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document, aka "HTML Sanitization Vulnerability." La API toStaticHTML (también conocido como componente SafeHTML) en Microsoft Internet Explorer v8 y v9, Communicator 2007 R2, y Lync 2010 y 2010 Attendee no ... • https://www.exploit-db.com/exploits/19777 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 22%CPEs: 26EXPL: 0CVE-2012-1873
https://notcve.org/view.php?id=CVE-2012-1873
12 Jun 2012 — Microsoft Internet Explorer 7 through 9 does not properly create and initialize string data, which allows remote attackers to obtain sensitive information from process memory via a crafted HTML document, aka "Null Byte Information Disclosure Vulnerability." Microsoft Internet Explorer v7 hasta v9 no crea ni inicializa las cadenas de datos de forma adecuada, lo que permite a atacantes remotos obtener información sensible de procesos de memoria a través de una documento HTML manipulado, también conocido como ... • http://www.us-cert.gov/cas/techalerts/TA12-164A.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •