CVSS: 10.0EPSS: 66%CPEs: 28EXPL: 0CVE-2012-0159 – Microsoft Windows TrueType Font Parsing Remote Code Execution Vulnerability (Remote Kernel)
https://notcve.org/view.php?id=CVE-2012-0159
09 May 2012 — Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview; Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Silverlight 4 before 4.1.10329; and Silverlight 5 before 5.1.10411 allow remote attackers to execute arbitrary code via a crafted TrueType font (TTF) file, aka "TrueType Font Parsing Vulnerability." Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP2, Wind... • http://secunia.com/advisories/49121 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 25%CPEs: 17EXPL: 2CVE-2010-2738 – Microsoft Unicode Scripts Processor - Remote Code Execution (MS10-063)
https://notcve.org/view.php?id=CVE-2010-2738
15 Sep 2010 — The Uniscribe (aka new Unicode Script Processor) implementation in USP10.DLL in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2, and Microsoft Office XP SP3, 2003 SP3, and 2007 SP2, does not properly validate tables associated with malformed OpenType fonts, which allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) Office document, aka "Uniscribe Font Parsing Engine Memory Corruption Vulnerability." La implementación Uniscribe... • https://packetstorm.news/files/id/94407 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 44%CPEs: 28EXPL: 0CVE-2010-1257
https://notcve.org/view.php?id=CVE-2010-1257
08 Jun 2010 — Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2; Office SharePoint Server 2007 SP1 and SP2; SharePoint Services 3.0 SP1 and SP2; and Internet Explorer 8 allows remote attackers to inject arbitrary web script or HTML via vectors related to sanitization. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la API toStaticHTML, tal como es usada en Microsoft Office InfoPath 2003 SP3, 2007 SP1 y 2007 SP2; Off... • http://support.avaya.com/css/P8/documents/100089747 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.4EPSS: 24%CPEs: 19EXPL: 0CVE-2010-1689 – Core Security Technologies Advisory 2010.0427
https://notcve.org/view.php?id=CVE-2010-1689
05 May 2010 — The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 uses predictable transaction IDs that are formed by incrementing a previous ID by 1, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerab... • http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0058.html • CWE-310: Cryptographic Issues •
CVSS: 7.4EPSS: 19%CPEs: 19EXPL: 0CVE-2010-1690 – Core Security Technologies Advisory 2010.0427
https://notcve.org/view.php?id=CVE-2010-1690
05 May 2010 — The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 does not verify that transaction IDs of responses match transaction IDs of queries, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerabi... • http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0058.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 40%CPEs: 16EXPL: 0CVE-2010-0024
https://notcve.org/view.php?id=CVE-2010-0024
14 Apr 2010 — The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2003 SP2, does not properly parse MX records, which allows remote DNS servers to cause a denial of service (service outage) via a crafted response to a DNS MX record query, aka "SMTP Server MX Record Vulnerability." El componente SMTP en Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP2, y Server 2008 Gold, SP2, y R2, y Exchange Server 2000 SP3, no valida adecuada... • http://www.us-cert.gov/cas/techalerts/TA10-103A.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 54%CPEs: 16EXPL: 0CVE-2010-0025
https://notcve.org/view.php?id=CVE-2010-0025
14 Apr 2010 — The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2000 SP3, does not properly allocate memory for SMTP command replies, which allows remote attackers to read fragments of e-mail messages by sending a series of invalid commands and then sending a STARTTLS command, aka "SMTP Memory Allocation Vulnerability." El componente SMTP en Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP2, y Server 2008 Gold, SP2, y R2, y Ex... • http://secunia.com/advisories/39253 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 2%CPEs: 30EXPL: 0CVE-2009-3731 – VMware Security Advisory 2009-0017
https://notcve.org/view.php?id=CVE-2009-3731
15 Dec 2009 — Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help 2.0 through 5.0 in VMware vCenter 4.0 before Update 1 Build 208156; VMware Server 2.0.2; VMware ESX 4.0; VMware Lab Manager 2.x; VMware vCenter Lab Manager 3.x and 4.x before 4.0.1; VMware Stage Manager 1.x before 4.0.1; WebWorks Publisher 6.x through 8.x; WebWorks Publisher 2003; and WebWorks ePublisher 9.0.x through 9.3, 2008.1 through 2008.4, and 2009.x before 2009.3 allow remote attackers to inject arbitrary web script or HTML via (1) ... • http://archives.neohapsis.com/archives/bugtraq/2009-12/0229.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 71%CPEs: 10EXPL: 0CVE-2009-2506 – iDEFENSE Security Advisory 2009-12-08.2
https://notcve.org/view.php?id=CVE-2009-2506
09 Dec 2009 — Integer overflow in the text converters in Microsoft Office Word 2002 SP3 and 2003 SP3; Works 8.5; Office Converter Pack; and WordPad in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a DOC file with an invalid number of property names in the DocumentSummaryInformation stream, which triggers a heap-based buffer overflow. Desbordamiento de enteros en los convertidores de texto en Microsoft Office Word 2002 SP3 y 2003 SP3; Works versión 8.5; Office ... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=834 • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 46%CPEs: 61EXPL: 0CVE-2009-2504
https://notcve.org/view.php?id=CVE-2009-2504
14 Oct 2009 — Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack... • http://www.us-cert.gov/cas/techalerts/TA09-286A.html • CWE-189: Numeric Errors •