CVSS: 7.6EPSS: 4%CPEs: 3EXPL: 1CVE-1999-1593
https://notcve.org/view.php?id=CVE-1999-1593
15 Jan 2009 — Windows Internet Naming Service (WINS) allows remote attackers to cause a denial of service (connectivity loss) or steal credentials via a 1Ch registration that causes WINS to change the domain controller to point to a malicious server. NOTE: this problem may be limited when Windows 95/98 clients are used, or if the primary domain controller becomes unavailable. Windows Internet Naming Service (WINS), permite atacantes remotos provocar una denegación de servicio (pérdida de conexión) o el robo de credencial... • http://archives.neohapsis.com/archives/ntbugtraq/1998-1999/msg00371.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 10.0EPSS: 71%CPEs: 15EXPL: 0CVE-2008-4834 – Microsoft SMB NT Trans Request Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2008-4834
13 Jan 2009 — Buffer overflow in SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans request, aka "SMB Buffer Overflow Remote Code Execution Vulnerability." Desbordamiento de búfer de SMB en el servicio Server en Microsoft Windows 2000 SP4, XP SP2 y SP3, y Server 2003 SP1 y SP2, permite a atacantes remotos ejecutar código de su elección a tra... • http://www.securityfocus.com/archive/1/500012/100/0/threaded • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 65%CPEs: 15EXPL: 0CVE-2008-4835 – Microsoft SMB NT Trans2 Request Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2008-4835
13 Jan 2009 — SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans2 request, related to "insufficiently validating the buffer size," aka "SMB Validation Remote Code Execution Vulnerability." SMB en el servicio Server en Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP1 y SP2, Vista Gold y SP1, y Server ... • http://www.securityfocus.com/archive/1/500013/100/0/threaded • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 70%CPEs: 17EXPL: 0CVE-2008-2249
https://notcve.org/view.php?id=CVE-2008-2249
10 Dec 2008 — Integer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a malformed header in a crafted WMF file, which triggers a buffer overflow, aka "GDI Integer Overflow Vulnerability." Desbordamiento de entero en GDI en Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP1 y SP2, Vista Gold y SP1, y Server 2008 permite a atacantes remotos ejecutar código de su elección mediante una cabe... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=762 • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 41%CPEs: 53EXPL: 0CVE-2008-3009
https://notcve.org/view.php?id=CVE-2008-3009
10 Dec 2008 — Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name (SPN) identifier when validating replies to authentication requests, which allows remote servers to execute arbitrary code via vectors that employ NTLM credential reflection, aka "SPN Vulnerability." Microsoft Windows Media Player v6.4, Windows Media Format Runtime v7.1 a v11, y Windows Media Services v4.1, v9, y 2008 no usan apropiadamen... • http://secunia.com/advisories/33058 • CWE-255: Credentials Management Errors •
CVSS: 10.0EPSS: 41%CPEs: 10EXPL: 0CVE-2008-3010
https://notcve.org/view.php?id=CVE-2008-3010
10 Dec 2008 — Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1 and 9 incorrectly associate ISATAP addresses with the Local Intranet zone, which allows remote servers to capture NTLM credentials, and execute arbitrary code through credential-reflection attacks, by sending an authentication request, aka "ISATAP Vulnerability." Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 hasta 11, y Windows Media Services 4.1 y 9 incorrectamente asociado... • http://secunia.com/advisories/33058 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 42%CPEs: 17EXPL: 0CVE-2008-3465
https://notcve.org/view.php?id=CVE-2008-3465
10 Dec 2008 — Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows context-dependent attackers to cause a denial of service or execute arbitrary code via a WMF file with a malformed file-size parameter, which would not be properly handled by a third-party application that uses this API for a copy operation, aka "GDI Heap Overflow Vulnerability." Desbordamiento de búfer basado en montículo en una API en GDI en Microso... • http://www.securitytracker.com/id?1021365 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 70%CPEs: 6EXPL: 2CVE-2008-4841 – Microsoft Windows Wordpad - '.doc' File Local Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2008-4841
10 Dec 2008 — The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008. NOTE: As of 20081210, it is unclear whether this vulnerability is related to a WordPad issue disclosed on 20080925 with a 2008-crash.doc.rar example, but there are insufficient details to be sure. El WordPad Text Co... • https://www.exploit-db.com/exploits/6560 • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 61%CPEs: 28EXPL: 0CVE-2008-4258
https://notcve.org/view.php?id=CVE-2008-4258
10 Dec 2008 — Microsoft Internet Explorer 5.01 SP4 and 6 SP1 does not properly validate parameters during calls to navigation methods, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Parameter Validation Memory Corruption Vulnerability." Microsoft Internet Explorer v5.01 SP4 y v6 SP1, no valida adecuadamente los parámetros en las llamadas a los métodos de navegación; esto permite a atacantes remotos ejecutar código de su elección a través de un doc... • http://www.securitytracker.com/id?1021371 • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 61%CPEs: 28EXPL: 0CVE-2008-4260
https://notcve.org/view.php?id=CVE-2008-4260
10 Dec 2008 — Microsoft Internet Explorer 7 sometimes attempts to access a deleted object, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Uninitialized Memory Corruption Vulnerability." Microsoft Internet Explorer 7 en ocasiones intenta acceder a objetos que han sido eliminados; esto permite a atacantes remotos ejecutar código de su elección a través de un documento HTML manipulado que provoca una corrupción de memoria. También se conoce como "Vul... • http://www.securitytracker.com/id?1021371 • CWE-399: Resource Management Errors •