Page 142 of 1003 results (0.008 seconds)

CVSS: 9.3EPSS: 87%CPEs: 6EXPL: 2

CVE-2008-4841 – Microsoft Windows Wordpad - '.doc' File Local Denial of Service (PoC)

https://notcve.org/view.php?id=CVE-2008-4841

The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008. NOTE: As of 20081210, it is unclear whether this vulnerability is related to a WordPad issue disclosed on 20080925 with a 2008-crash.doc.rar example, but there are insufficient details to be sure. El WordPad Text Converter para archivos Word 97 en Microsoft Windows 2000 SP4, XP SP2, y Server 2003 SP1 y SP2 permite a atacantes remotos ejecutar código de su elección a través de un archivo (1) .doc, (2) .wri, o (3) .rtf Word 97 manipulado que provoca una corrupción de memoria, como se ha explotado libremente en Diciembre de 2008. NOTA: desde 10122008, no está claro si esta vulnerabilidad está relacionada con un caso de WordPad descubierto en 25092008 con el ejemplo 2008-crash.doc.rar, pero no hay suficientes detalles para verificarlo. • https://www.exploit-db.com/exploits/6560 http://milw0rm.com/sploits/2008-crash.doc.rar http://secunia.com/advisories/32997 http://securityreason.com/securityalert/4711 http://securitytracker.com/id?1021376 http://www.microsoft.com/technet/security/advisory/960906.mspx http://www.securityfocus.com/bid/31399 http://www.securityfocus.com/bid/32718 http://www.us-cert.gov/cas/techalerts/TA09-104A.html http://www.vupen.com/english/advisories/2008/3390 http://www.vupen.com/en • CWE-399: Resource Management Errors •

CVSS: 9.3EPSS: 47%CPEs: 17EXPL: 0

CVE-2008-2249

https://notcve.org/view.php?id=CVE-2008-2249

Integer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a malformed header in a crafted WMF file, which triggers a buffer overflow, aka "GDI Integer Overflow Vulnerability." Desbordamiento de entero en GDI en Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP1 y SP2, Vista Gold y SP1, y Server 2008 permite a atacantes remotos ejecutar código de su elección mediante una cabecera malformada en un fichero WMF manipulado, lo que dispara un desbordamiento de búfer, alias "Vulnerabilidad de Desbordamiento de Entero en GDI". • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=762 http://www.securitytracker.com/id?1021365 http://www.us-cert.gov/cas/techalerts/TA08-344A.html http://www.vupen.com/english/advisories/2008/3383 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-071 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5984 • CWE-189: Numeric Errors •

CVSS: 9.3EPSS: 12%CPEs: 28EXPL: 0

CVE-2008-4261

https://notcve.org/view.php?id=CVE-2008-4261

Stack-based buffer overflow in Microsoft Internet Explorer 5.01 SP4, 6 SP1 on Windows 2000, and 6 on Windows XP and Server 2003 does not properly handle extraneous data associated with an object embedded in a web page, which allows remote attackers to execute arbitrary code via crafted HTML tags that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulnerability." El desbordamiento del búfer en región stack de la memoria en Microsoft Internet Explorer versiones 5.01 SP4, 6 SP1 en Windows 2000 y 6 en Windows XP y Server 2003, no maneja apropiadamente los datos extraños asociados con un objeto incrustado en una página web, lo que permite a los atacantes remotos ejecutar código arbitrario por medio de etiquetas HTML creadas que desencadenan daños en la memoria, también se conoce como "HTML Rendering Memory Corruption Vulnerability". • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=761 http://www.securitytracker.com/id?1021371 http://www.us-cert.gov/cas/techalerts/TA08-344A.html http://www.vupen.com/english/advisories/2008/3385 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-073 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5829 • CWE-399: Resource Management Errors •

CVSS: 9.3EPSS: 96%CPEs: 28EXPL: 0

CVE-2008-4259 – Microsoft Internet Explorer Webdav Request Parsing Heap Corruption Vulnerability

https://notcve.org/view.php?id=CVE-2008-4259

Microsoft Internet Explorer 7 sometimes attempts to access uninitialized memory locations, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, related to a WebDAV request for a file with a long name, aka "HTML Objects Memory Corruption Vulnerability." Microsoft Internet Explorer versión 7 algunas veces intenta acceder a las ubicaciones de memoria no inicializadas, lo que permite a los atacantes remotos ejecutar código arbitrario por medio de un documento HTML creado que desencadena la corrupción de la memoria, relacionada con una petición WebDAV para un archivo con un nombre largo, también se conoce como “HTML Objects Memory Corruption Vulnerability" This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer 7 on the Microsoft Vista operating system. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists during a WebDAV fetch of a document from a path containing a large number of characters. Mishandling of cached content results in a heap corruption which can be leveraged to execute arbitrary code under the context of the current instance of Internet Explorer. • http://www.securityfocus.com/archive/1/499065/100/0/threaded http://www.securitytracker.com/id?1021371 http://www.us-cert.gov/cas/techalerts/TA08-344A.html http://www.vupen.com/english/advisories/2008/3385 http://www.zerodayinitiative.com/advisories/ZDI-08-087 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-073 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5706 • CWE-399: Resource Management Errors •

CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 3

CVE-2008-5044 – Microsoft Windows Vista/2003 - 'UnhookWindowsHookEx' Local Denial of Service

https://notcve.org/view.php?id=CVE-2008-5044

Race condition in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (crash or hang) via a multi-threaded application that makes many calls to UnhookWindowsHookEx while certain other desktop activity is occurring. Condición de carrera en Microsoft Windows Server 2003 y Vista; permite a usuarios loscales provocar una denegación de servicio (caída o cuelgue) mediante una aplicación multi-hilo que realice muchas llamadas a UnhookWindowsHookEx a la vez que se esté realizando otra actividad del escritorio. • https://www.exploit-db.com/exploits/32573 http://killprog.com/whk.zip http://securityreason.com/securityalert/4576 http://www.securityfocus.com/archive/1/498165/100/0/threaded http://www.securityfocus.com/bid/32206 https://exchange.xforce.ibmcloud.com/vulnerabilities/46506 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •