CVSS: 9.3EPSS: 44%CPEs: 23EXPL: 0CVE-2012-0011 – Microsoft Internet Explorer CDispNode t:MEDIA Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-0011
14 Feb 2012 — Microsoft Internet Explorer 7 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "HTML Layout Remote Code Execution Vulnerability." Microsoft Internet Explorer v7 hasta v9, no maneja apropiadamente los objetos en memoria, lo que permite a atacantes remotos ejecutar código de su elección accediendo a objetos borrados, también conocido como "HTML Layout Remote Code Execution Vulnerability." This vulnerability allows ... • http://www.us-cert.gov/cas/techalerts/TA12-045A.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 48%CPEs: 26EXPL: 0CVE-2012-0014
https://notcve.org/view.php?id=CVE-2012-0014
14 Feb 2012 — Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Unmanaged Objects Vulnerability." Microsoft .NET Framework v2.0 SP2 y v3.5.1 y v4, y Silverlight v4... • http://www.us-cert.gov/cas/techalerts/TA12-045A.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 53%CPEs: 13EXPL: 0CVE-2012-0015
https://notcve.org/view.php?id=CVE-2012-0015
14 Feb 2012 — Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly calculate the length of an unspecified buffer, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Heap Corruption Vulnerability." Microsoft .NET Framework v2.0 SP2 y v3.5.1 no calcula correctamente la longitud de un búfer no especificado, lo que permite a atacantes remotos ejecutar código d... • http://www.us-cert.gov/cas/techalerts/TA12-045A.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 1%CPEs: 9EXPL: 0CVE-2012-0148
https://notcve.org/view.php?id=CVE-2012-0148
14 Feb 2012 — afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "AfdPoll Elevation of Privilege Vulnerability." afd.sys en Ancillary Function Driver en Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Ser... • http://www.us-cert.gov/cas/techalerts/TA12-045A.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 1%CPEs: 13EXPL: 0CVE-2012-0154
https://notcve.org/view.php?id=CVE-2012-0154
14 Feb 2012 — Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers keyboard layout errors, aka "Keyboard Layout Use After Free Vulnerability." Vulnerabilidad use-after-free en win32k.sys en el controlador kernel-mode en Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windo... • http://www.us-cert.gov/cas/techalerts/TA12-045A.html • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 88%CPEs: 13EXPL: 2CVE-2012-0003 – Microsoft Windows - midiOutPlayNextPolyEvent Heap Overflow (MS12-004)
https://notcve.org/view.php?id=CVE-2012-0003
10 Jan 2012 — Unspecified vulnerability in winmm.dll in Windows Multimedia Library in Windows Media Player (WMP) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via a crafted MIDI file, aka "MIDI Remote Code Execution Vulnerability." Una vulnerabilidad no especificada en winmm.dll en la Biblioteca Multimedia de Windows de Windows Media Player (WMP) bajo Microsoft Windows XP SP2 y SP3, Server 2003 SP2, Windows Vista SP2 y Server 2008 SP... • https://www.exploit-db.com/exploits/18426 •
CVSS: 9.3EPSS: 56%CPEs: 11EXPL: 0CVE-2012-0001
https://notcve.org/view.php?id=CVE-2012-0001
10 Jan 2012 — The kernel in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly load structured exception handling tables, which allows context-dependent attackers to bypass the SafeSEH security feature by leveraging a Visual C++ .NET 2003 application, aka "Windows Kernel SafeSEH Bypass Vulnerability." El kernel de Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 Service Pack 2,... • http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00016.html •
CVSS: 9.3EPSS: 58%CPEs: 13EXPL: 0CVE-2012-0004
https://notcve.org/view.php?id=CVE-2012-0004
10 Jan 2012 — Unspecified vulnerability in DirectShow in DirectX in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, related to Quartz.dll, Qdvd.dll, closed captioning, and the Line21 DirectShow filter, aka "DirectShow Remote Code Execution Vulnerability." Vulnerabilidad no especificada en DirectShow en DirectX de Microsoft Windows XP SP2 y SP3, Windo... • http://secunia.com/advisories/47485 •
CVSS: 9.3EPSS: 87%CPEs: 12EXPL: 2CVE-2012-0013 – Microsoft Office - ClickOnce Unsafe Object Package Handling (MS12-005)
https://notcve.org/view.php?id=CVE-2012-0013
10 Jan 2012 — Incomplete blacklist vulnerability in the Windows Packager configuration in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted ClickOnce application in a Microsoft Office document, related to .application files, aka "Assembly Execution Vulnerability." Una vulnerabilidad de la lista negra incompleta en la configuración de Windows Packager en Microsoft ... • https://www.exploit-db.com/exploits/19037 •
CVSS: 9.3EPSS: 74%CPEs: 8EXPL: 2CVE-2011-5046 – Apple Safari - GdiDrawStream Blue Screen of Death
https://notcve.org/view.php?id=CVE-2011-5046
30 Dec 2011 — The Graphics Device Interface (GDI) in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted data, as demonstrated by a large height attribute of an IFRAME element rendered by Safari, aka "GDI Access Violation Vulnerab... • https://www.exploit-db.com/exploits/18275 • CWE-20: Improper Input Validation •