Page 14 of 637 results (0.013 seconds)

CVSS: 6.8EPSS: 7%CPEs: 7EXPL: 0

CVE-2009-3675

https://notcve.org/view.php?id=CVE-2009-3675

LSASS.exe in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote authenticated users to cause a denial of service (CPU consumption) via a malformed ISAKMP request over IPsec, aka "Local Security Authority Subsystem Service Resource Exhaustion Vulnerability." LSASS.exe en Local Security Authority Subsystem Service (LSASS) en Microsoft Windows 2000 SP4, XP SP2 y SP3 y Server 2003 SP2 permite a atacantes remotos autenticados provocar una denegación de servicio (consumo de CPU) mediante una petición ISAKMP sobre IPsec malformada. También conocido como "Vulnerabilidad de consumo de recuersos Local Security Authority Subsystem Service". • http://www.us-cert.gov/cas/techalerts/TA09-342A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-069 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6639 • CWE-399: Resource Management Errors •

CVSS: 9.3EPSS: 93%CPEs: 10EXPL: 0

CVE-2009-2506

https://notcve.org/view.php?id=CVE-2009-2506

Integer overflow in the text converters in Microsoft Office Word 2002 SP3 and 2003 SP3; Works 8.5; Office Converter Pack; and WordPad in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a DOC file with an invalid number of property names in the DocumentSummaryInformation stream, which triggers a heap-based buffer overflow. Desbordamiento de enteros en los convertidores de texto en Microsoft Office Word 2002 SP3 y 2003 SP3; Works versión 8.5; Office Converter Pack; y WordPad en Windows 2000 SP4, XP SP2 y SP3, y Server 2003 SP2 permite a los atacantes remotos ejecutar código arbitrario por medio de un archivo DOC con un número no válido de nombre de propiedad en la transmisión DocumentSummaryInformation, lo que desencadena un desbordamiento del búfer en la región heap de la memoria. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=834 http://support.avaya.com/css/P8/documents/100070184 http://www.securityfocus.com/bid/37216 http://www.us-cert.gov/cas/techalerts/TA09-342A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-073 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5846 • CWE-189: Numeric Errors •

CVSS: 10.0EPSS: 44%CPEs: 11EXPL: 0

CVE-2009-3677

https://notcve.org/view.php?id=CVE-2009-3677

The Internet Authentication Service (IAS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly verify the credentials in an MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication request, which allows remote attackers to access network resources via a malformed request, aka "MS-CHAP Authentication Bypass Vulnerability." Internet Authentication Service (IAS) en Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP2, Vista Gold y SP1 y Server 2008 Gold no verifica de manera apropiada las credenciales en una petición de autenticación MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP), lo que permite a atacantes remotos tener acceso a recuersos de red mediante una petición malformada. También conocido como "Vulnerabilidad de evasión de autenticación MS-CHAP". • http://www.securitytracker.com/id?1023291 http://www.us-cert.gov/cas/techalerts/TA09-342A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-071 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6209 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-255: Credentials Management Errors •

CVSS: 9.3EPSS: 2%CPEs: 7EXPL: 0

CVE-2009-4210

https://notcve.org/view.php?id=CVE-2009-4210

The Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted media content. El codec Indeo en Microsoft Windows 2000 SP4, XP SP2 y SP3, y Server 2003 SP2 permite a atacantes remotos una denegación de servicio (corrupción de memoria) o posiblemente tener un impacto sin especificar otro impacto a través de contenido multimedia manipulado. • http://secunia.com/advisories/37592 http://securitytracker.com/id?1023302 http://support.microsoft.com/kb/954157 http://support.microsoft.com/kb/955759 http://support.microsoft.com/kb/976138 http://www.fortiguard.com/advisory/FGA-2009-45.html http://www.microsoft.com/technet/security/advisory/954157.mspx http://www.osvdb.org/60857 http://www.securityfocus.com/archive/1/508323/100/0/threaded http://www.securityfocus.com/bid/37251 http://www.vupen.com/english/advisories • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.3EPSS: 17%CPEs: 8EXPL: 0

CVE-2009-4309 – Microsoft Windows Intel Indeo Codec Parsing Heap Overflow Vulnerability

https://notcve.org/view.php?id=CVE-2009-4309

Heap-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a large size value in a movi record in an IV41 stream in a media file, as demonstrated by an AVI file. Desbordamiento del búfer de la memoria dinámica en el codec Intel Indeo41 para Windows Media Player en Microsoft Windows 2000 SP4, XP SP2 y SP3, y Server 2003 SP2 permite a atacantes remotos ejecutar código arbitrario a través de un valor grande de tamaño en una grabación de película en un stream IV41 en un fichero multimedia, como se demuestra en un fichero AVI. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Intel Indeo41 codec which is accessed by various applications through the Video Compression Manager. This codec is registered to handle IV41 streams within a container such as the AVI format. • http://secunia.com/advisories/37592 http://securitytracker.com/id?1023302 http://support.microsoft.com/kb/954157 http://support.microsoft.com/kb/955759 http://support.microsoft.com/kb/976138 http://www.microsoft.com/technet/security/advisory/954157.mspx http://www.osvdb.org/60855 http://www.securityfocus.com/archive/1/508324/100/0/threaded http://www.securityfocus.com/bid/37251 http://www.vupen.com/english/advisories/2009/3440 http://zerodayinitiative.com/advisories/ZDI-09& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •