CVSS: 9.3EPSS: 1%CPEs: 11EXPL: 0CVE-2012-0180
https://notcve.org/view.php?id=CVE-2012-0180
09 May 2012 — win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode for (1) windows and (2) messages, which allows local users to gain privileges via a crafted application, aka "Windows and Messages Vulnerability." win32k.sys en los controladores en Microsoft Windows XP SP2 y SP3, Windows Server 2003 ... • http://www.securityfocus.com/bid/53324 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 4%CPEs: 10EXPL: 1CVE-2012-0181 – Microsoft Windows XP - Keyboard Layouts Pool Corruption (PoC) (MS12-034)
https://notcve.org/view.php?id=CVE-2012-0181
09 May 2012 — win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly manage Keyboard Layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout File Vulnerability." win32k.sys en los controladores en Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, ... • https://www.exploit-db.com/exploits/18894 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 1%CPEs: 11EXPL: 0CVE-2012-1848
https://notcve.org/view.php?id=CVE-2012-1848
09 May 2012 — win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Scrollbar Calculation Vulnerability." win32k.sys en los controladores en modo kernel en Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vi... • http://www.securityfocus.com/bid/53327 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 89%CPEs: 19EXPL: 0CVE-2012-0151 – Microsoft Windows Authenticode Signature Verification Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-0151
10 Apr 2012 — The Authenticode Signature Verification function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remote attackers to execute arbitrary code via a modified file with additional content, aka "WinVerifyTrust Signature Validation Vulnerability." La función Authenticode Signature... • http://osvdb.org/81135 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 43%CPEs: 27EXPL: 0CVE-2012-0168
https://notcve.org/view.php?id=CVE-2012-0168
10 Apr 2012 — Microsoft Internet Explorer 6 through 9 allows user-assisted remote attackers to execute arbitrary code via a crafted HTML document that is not properly handled during a "Print table of links" print operation, aka "Print Feature Remote Code Execution Vulnerability." Microsoft Internet Explorer 6 hasta la versión 9 permite a atacantes remotos asistidos por el usuario ejecutar código arbitrario a través de un documento HTML modificado que no es apropiadamente manejado durante una operación de impresión "Print... • http://osvdb.org/81126 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 58%CPEs: 27EXPL: 0CVE-2012-0171
https://notcve.org/view.php?id=CVE-2012-0171
10 Apr 2012 — Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "SelectAll Remote Code Execution Vulnerability." Microsoft Internet Explorer 6 hasta la versión 9 no maneja apropiadamente objetos en memoria, lo que permite a atacantes remotos ejecutar código arbitrario accediendo a un objeto borrado. También conocida como "vulnerabilidad de ejecución de código remota SelectAll". • http://www.securitytracker.com/id?1026901 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 87%CPEs: 13EXPL: 4CVE-2012-0002 – Microsoft Remote Desktop Protocol Channel Abort Condition Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-0002
13 Mar 2012 — The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability." La aplicación Remote Desktop Protocol (RDP) de Mi... • https://packetstorm.news/files/id/180945 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 73%CPEs: 4EXPL: 0CVE-2012-0006
https://notcve.org/view.php?id=CVE-2012-0006
13 Mar 2012 — The DNS server in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 does not properly handle objects in memory during record lookup, which allows remote attackers to cause a denial of service (daemon restart) via a crafted query, aka "DNS Denial of Service Vulnerability." El servidor DNS en Microsoft Windows Server 2003 SP2 y Server 2008 Service Pack 2, R2 y R2 SP1, no trata correctamente los objetos en la memoria durante la búsqueda de registro, lo que permite a atacantes remotos provoc... • http://osvdb.org/80005 • CWE-399: Resource Management Errors •
CVSS: 8.4EPSS: 1%CPEs: 13EXPL: 0CVE-2012-0157
https://notcve.org/view.php?id=CVE-2012-0157
13 Mar 2012 — win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle window messaging, which allows local users to gain privileges via a crafted application that calls the PostMessage function, aka "PostMessage Function Vulnerability." win32k.sys en los controladores en modo kernel de Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows... • http://osvdb.org/80002 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 20%CPEs: 27EXPL: 0CVE-2012-0010
https://notcve.org/view.php?id=CVE-2012-0010
14 Feb 2012 — Microsoft Internet Explorer 6 through 9 does not properly perform copy-and-paste operations, which allows user-assisted remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Copy and Paste Information Disclosure Vulnerability." Microsoft Internet Explorer v6 hasta v9, no realiza adecuadamente las operaciones copiar y pegar, lo que permite a atacantes remotos asistidos por el usuario leer el contenido de un diferente (1) dominio o (2) zona a través de un sitio ... • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-010 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •