CVSS: 7.1EPSS: 87%CPEs: 10EXPL: 0CVE-2008-1445
https://notcve.org/view.php?id=CVE-2008-1445
Active Directory on Microsoft Windows 2000 Server SP4, XP Professional SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to cause a denial of service (system hang or reboot) via a crafted LDAP request. Active Directory en Microsoft Windows 2000 Server SP4, XP Professional SP2 y SP3, Server 2003 SP1 y SP2, y Server 2008 permite a usuarios autenticados causar una denegación de servicio (caída del sistema o reinicio) a través de una petición LDAP manipulada. • http://secunia.com/advisories/30586 http://securitytracker.com/id?1020229 http://www.securityfocus.com/archive/1/493338/100/0/threaded http://www.securityfocus.com/archive/1/493342/100/0/threaded http://www.securityfocus.com/bid/29584 http://www.us-cert.gov/cas/techalerts/TA08-162B.html http://www.vupen.com/english/advisories/2008/1782 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-035 https://oval.cisecurity.org/repository/search/definition/oval% • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 91%CPEs: 20EXPL: 0CVE-2008-1444 – Microsoft DirectX SAMI File Format Name Parsing Stack Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2008-1444
Stack-based buffer overflow in Microsoft DirectX 7.0 and 8.1 on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a Synchronized Accessible Media Interchange (SAMI) file with crafted parameters for a Class Name variable, aka the "SAMI Format Parsing Vulnerability." Desbordamiento de búfer basado en pila en Microsoft DirectX 7.0 y 8.1 o en Windows 2000 SP4 permite a atacantes remotos ejecutar código de su elección a través de un archivo Synchronized Accessible Media Interchange (SAMI) con parámetros manipulados para una variable Class Name, también conocida como la "Vulnerabilidad SAMI Format Parsing" This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the parsing of SAMI files. When handling the properties of a "Class Name" variable a lack of bounds checking can result in a stack overflow. Successful exploitation can lead to remote code execution under the credentials of the logged in user. • http://marc.info/?l=bugtraq&m=121380194923597&w=2 http://secunia.com/advisories/30579 http://securityreason.com/securityalert/3937 http://securitytracker.com/id?1020223 http://www.securityfocus.com/archive/1/493250/100/0/threaded http://www.securityfocus.com/bid/29578 http://www.us-cert.gov/cas/techalerts/TA08-162B.html http://www.vupen.com/english/advisories/2008/1780 http://www.zerodayinitiative.com/advisories/ZDI-08-040 https://docs.microsoft.com/en-us/security-updates&#x • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 87%CPEs: 16EXPL: 0CVE-2008-1086
https://notcve.org/view.php?id=CVE-2008-1086
The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft Internet Explorer 5.01 SP4 and 6 SP1, in Windows XP SP2, Server 2003 SP1 and SP2, Vista SP1, and Server 2008, allows remote attackers to execute arbitrary code via malformed arguments, which triggers memory corruption. El HxTocCtrl ActiveX control (hxvz.dll), usado en Microsoft Internet Explorer 5.01 SP4 y 6 SP1, en Windows XP SP2, Server 2003 SP1 y SP2, Vista SP1 y Server 2008, permite a atacantes remotos ejecutar código de su elección a través de argumentos mal formados, lo que dispara una corrupción de memoria. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=680 http://marc.info/?l=bugtraq&m=120845064910729&w=2 http://secunia.com/advisories/29714 http://www.securityfocus.com/bid/28606 http://www.securitytracker.com/id?1019800 http://www.us-cert.gov/cas/techalerts/TA08-099A.html http://www.vupen.com/english/advisories/2008/1147/references https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-023 https://exchange.xforce.ibmcloud.com/vulnerabilities/4 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 75%CPEs: 14EXPL: 2CVE-2008-1087 – Microsoft Windows - GDI Image Parsing Stack Overflow (MS08-021)
https://notcve.org/view.php?id=CVE-2008-1087
Stack-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF image file with crafted filename parameters, aka "GDI Stack Overflow Vulnerability." Desbordamiento de búfer basado en pila en GDI de Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 y SP2, Vista, y Server 2008, permite a atacantes remotos ejecutar código de su elección a través de un fichero de imagen EMF con los parámetros del nombre del fichero manipulados, también conocido como "Vulnerabilidad de desbordamiento de pila en GDI" • https://www.exploit-db.com/exploits/5442 https://www.exploit-db.com/exploits/6656 http://marc.info/?l=bugtraq&m=120845064910729&w=2 http://secunia.com/advisories/29704 http://www.osvdb.org/44215 http://www.securityfocus.com/bid/28570 http://www.securitytracker.com/id?1019798 http://www.us-cert.gov/cas/techalerts/TA08-099A.html http://www.vupen.com/english/advisories/2008/1145/references https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-021& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •