CVSS: 7.8EPSS: 17%CPEs: 5EXPL: 1CVE-2011-1984 – Microsoft WINS - ECommEndDlg Input Validation Error (MS11-035/MS11-070)
https://notcve.org/view.php?id=CVE-2011-1984
15 Sep 2011 — WINS in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges by sending crafted packets over the loopback interface, aka "WINS Local Elevation of Privilege Vulnerability." WINS en Microsoft Windows Server 2003 SP2 y Server 2008 SP2, R2, R2 SP1 permite a usuarios locales obtener privilegios mediante el envío de paquetes modificados a la interfaz de loopback. Se trata de un problema tambien conocido como "Vulnerabilidad de elevación local de privilegios e... • https://www.exploit-db.com/exploits/17831 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 50%CPEs: 13EXPL: 0CVE-2011-1991
https://notcve.org/view.php?id=CVE-2011-1991
15 Sep 2011 — Multiple untrusted search path vulnerabilities in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .rtf, or .txt file, related to (1) deskpan.dll in the Display Panning CPL Extension, (2) EAPHost Authenticator Service, (3) Folder Redirection, (4) HyperTerminal, (5) th... • http://www.us-cert.gov/cas/techalerts/TA11-256A.html •
CVSS: 8.1EPSS: 12%CPEs: 23EXPL: 0CVE-2011-1257
https://notcve.org/view.php?id=CVE-2011-1257
10 Aug 2011 — Race condition in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors involving access to an object, aka "Window Open Race Condition Vulnerability." Condición de carrera en Microsoft Internet Explorer de la v6 a la v8 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de vectores que involucran el acceso a un objeto, también conocido como... • http://www.us-cert.gov/cas/techalerts/TA11-221A.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 19%CPEs: 30EXPL: 0CVE-2011-1960
https://notcve.org/view.php?id=CVE-2011-1960
10 Aug 2011 — Microsoft Internet Explorer 6 through 9 does not properly implement JavaScript event handlers, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Event Handlers Information Disclosure Vulnerability." Microsoft Internet Explorer de la v6 a la v9 no aplica correctamente los controladores de eventos de JavaScript, que permiten a atacantes remotos acceder al contenido desde un diferente (1) dominio o (2) zona a través de código de script no ... • http://www.us-cert.gov/cas/techalerts/TA11-221A.html • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 9.3EPSS: 29%CPEs: 30EXPL: 0CVE-2011-1961
https://notcve.org/view.php?id=CVE-2011-1961
10 Aug 2011 — The telnet URI handler in Microsoft Internet Explorer 6 through 9 does not properly launch the handler application, which allows remote attackers to execute arbitrary programs via a crafted web site, aka "Telnet Handler Remote Code Execution Vulnerability." El manejador de URIs de telnet en Microsoft Internet Explorer 6 hasta la versión 9 no ejecuta apropiadamente la aplicación asignada, lo que permite a atacantes remotos ejecutar programas arbitrarios a través de una página web modificada. También conocida... • http://jvn.jp/en/jp/JVN80404511/index.html •
CVSS: 4.3EPSS: 17%CPEs: 30EXPL: 0CVE-2011-1962
https://notcve.org/view.php?id=CVE-2011-1962
10 Aug 2011 — Microsoft Internet Explorer 6 through 9 does not properly handle unspecified character sequences, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site that triggers "inactive filtering," aka "Shift JIS Character Encoding Vulnerability." Microsoft Internet Explorer 6 hasta la versión 9 no maneja apropiadamente secuencias de caracteres sin especificar, lo que permite a atacantes remotos leer contenido de un diferente (1) dominio o (2) zona a través de un... • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-057 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2011-1967
https://notcve.org/view.php?id=CVE-2011-1967
10 Aug 2011 — Winsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly check permissions for sending inter-process device-event messages from low-integrity processes to high-integrity processes, which allows local users to gain privileges via a crafted application, aka "CSRSS Vulnerability." Winsrv.dll en el Cliente/Servidor Sub... • http://www.us-cert.gov/cas/techalerts/TA11-221A.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.9EPSS: 58%CPEs: 5EXPL: 0CVE-2011-1970
https://notcve.org/view.php?id=CVE-2011-1970
10 Aug 2011 — The DNS server in Microsoft Windows Server 2003 SP2 and Windows Server 2008 SP2, R2, and R2 SP1 does not properly initialize memory, which allows remote attackers to cause a denial of service (service outage) via a query for a nonexistent domain, aka "DNS Uninitialized Memory Corruption Vulnerability." El servidor DNS en Microsoft Windows Server 2003 SP2 y Windows Server 2008 SP2, R2 y R2 SP1, no inicia memoria adecuadamente, esto permite a atacantes remotos provocar una denegación de servicio (parada de se... • http://www.us-cert.gov/cas/techalerts/TA11-221A.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 21%CPEs: 15EXPL: 0CVE-2011-1977
https://notcve.org/view.php?id=CVE-2011-1977
10 Aug 2011 — The ASP.NET Chart controls in Microsoft .NET Framework 4, and Chart Control for Microsoft .NET Framework 3.5 SP1, do not properly verify functions in URIs, which allows remote attackers to read arbitrary files via special characters in a URI in an HTTP request, aka "Chart Control Information Disclosure Vulnerability." Los controles ASP.NET Chart de Microsoft .NET Framework 4, and Chart Control para Microsoft .NET Framework 3.5 SP1, no verifican apropiadamente funciones en URIs, lo que permite a atacantes re... • http://www.us-cert.gov/cas/techalerts/TA11-221A.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 18%CPEs: 27EXPL: 0CVE-2011-1978
https://notcve.org/view.php?id=CVE-2011-1978
10 Aug 2011 — Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4 does not properly validate the System.Net.Sockets trust level, which allows remote attackers to obtain sensitive information or trigger arbitrary outbound network traffic via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Socket Restriction Bypass Vulnerability." Microsoft .NET Framework v2.0 SP2, v3.5.1 y v4 no valida adecuadamente el nivel de confianza de System.Net.Socke... • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-069 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •