CVSS: 5.0EPSS: 1%CPEs: 3EXPL: 0CVE-2008-4381
https://notcve.org/view.php?id=CVE-2008-4381
Microsoft Internet Explorer 7 allows remote attackers to cause a denial of service (application crash) via Javascript that calls the alert function with a URL-encoded string of a large number of invalid characters. El navegador Microsoft Internet Explorer v7 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de Javascript que llama a la función alert con una cadena codificada en formato URL de un número largo de caracteres inválidos. • http://securityreason.com/securityalert/4345 http://www.openwall.com/lists/oss-security/2008/10/03/7 http://www.openwall.com/lists/oss-security/2008/10/03/8 http://www.securityfocus.com/archive/1/496830/100/0/threaded http://www.securityfocus.com/archive/1/496926/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/45639 • CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 4%CPEs: 3EXPL: 0CVE-2008-4127
https://notcve.org/view.php?id=CVE-2008-4127
Mshtml.dll in Microsoft Internet Explorer 7 Gold 7.0.5730 and 8 Beta 8.0.6001 on Windows XP SP2 allows remote attackers to cause a denial of service (failure of subsequent image rendering) via a crafted PNG file, related to an infinite loop in the CDwnTaskExec::ThreadExec function. Mshtml.dll en Microsoft Internet Explorer 7 Gold 7.0.5730 y 8 Beta 8.0.6001 en Windows XP SP2 que permite a los atacantes remotos causar una denegación de servicios (fallo en rendererizado posterior de la imagen) a través de un fichero PNG manipulado, en relación a un bucle infinito en la función CDwnTaskExec::ThreadExec. • http://securityreason.com/securityalert/4273 http://www.securityfocus.com/archive/1/496483/100/0/threaded http://www.securityfocus.com/bid/31215 https://exchange.xforce.ibmcloud.com/vulnerabilities/45225 • CWE-399: Resource Management Errors •
CVSS: 5.0EPSS: 5%CPEs: 3EXPL: 1CVE-2008-4071 – Adobe Acrobat 9 - ActiveX Remote Denial of Service
https://notcve.org/view.php?id=CVE-2008-4071
A certain ActiveX control in Adobe Acrobat 9, when used with Microsoft Windows Vista and Internet Explorer 7, allows remote attackers to cause a denial of service (browser crash) via an src property value with an invalid acroie:// URL. Un determinado control ActiveX en Adobe Acrobat 9, cuando es utilizado con Microsoft Windows Vista e Internet Explorer 7, permite a atacantes remotos provocar una denegación de servicio (caída del navegador) a través de un valor de la propiedad src con una URL acroie:// no válida. • https://www.exploit-db.com/exploits/6424 http://securityreason.com/securityalert/4257 https://exchange.xforce.ibmcloud.com/vulnerabilities/45195 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 69%CPEs: 22EXPL: 0CVE-2008-3012
https://notcve.org/view.php?id=CVE-2008-3012
gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 does not properly perform memory allocation, which allows remote attackers to execute arbitrary code via a malformed EMF image file, aka "GDI+ EMF Memory Corruption Vulnerability." gdiplus.dll en GDI+ de Microsoft Internet Explorer 6 SP1, Windows XP SP2 y SP3, Server 2003 SP1 y SP2, Vista Gold y SP1, Server 2008, Office XP SP3, Office 2003 SP2 y SP3, 2007 Microsoft Office System Gold y SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 y 2008 y Forefront Client Security 1.0 no realiza correctamente la asignación de memoria, lo que permite a atacantes remotos ejecutar código de su elección mediante un archivo de imagen EMF mal formado, también conocido como "GDI+ EMF Memory Corruption Vulnerability (Vulnerabilidad de Corrupción de Memoria GDI+EMF)". • http://marc.info/?l=bugtraq&m=122235754013992&w=2 http://secunia.com/advisories/32154 http://www.securityfocus.com/bid/31019 http://www.securitytracker.com/id?1020835 http://www.us-cert.gov/cas/techalerts/TA08-253A.html http://www.vupen.com/english/advisories/2008/2520 http://www.vupen.com/english/advisories/2008/2696 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval% • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 62%CPEs: 22EXPL: 0CVE-2008-3014
https://notcve.org/view.php?id=CVE-2008-3014
Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed WMF image file that triggers improper memory allocation, aka "GDI+ WMF Buffer Overrun Vulnerability." Desbordamiento de búfer en gdiplus.dll en GDI+ en Microsoft Internet Explorer 6 SP1, Windows XP SP2 y SP3, Server 2003 SP1 y SP2, Vista Gold y SP1, Server 2008, Office XP SP3, Office 2003 SP2 y SP3, 2007 Microsoft Office System Gold y SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 y 2008, y Forefront Client Security 1.0, permite a atacantes remotos ejecutar código de su elección a través de un archivo de imagen WMF que lanza una asignación de memoria inadecuada, también conocida como "Vulnerabilidad GDI+ WMF Buffer Overrun". • http://marc.info/?l=bugtraq&m=122235754013992&w=2 http://secunia.com/advisories/32154 http://www.securityfocus.com/bid/31021 http://www.securitytracker.com/id?1020837 http://www.us-cert.gov/cas/techalerts/TA08-253A.html http://www.vupen.com/english/advisories/2008/2520 http://www.vupen.com/english/advisories/2008/2696 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval% • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •