CVE-2004-0839
https://notcve.org/view.php?id=CVE-2004-0839
Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html". • http://marc.info/?l=bugtraq&m=109303291513335&w=2 http://marc.info/?l=bugtraq&m=109336221826652&w=2 http://seclists.org/lists/fulldisclosure/2004/Aug/0868.html http://www.kb.cert.org/vuls/id/526089 http://www.securityfocus.com/bid/10973 http://www.us-cert.gov/cas/techalerts/TA04-293A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038 https://exchange.xforce.ibmcloud.com/vulnerabilities/17044 https://oval.cisecurity.org/repository/search •
CVE-2004-0212 – Microsoft Windows Task Scheduler (XP/2000) - '.job' (MS04-022)
https://notcve.org/view.php?id=CVE-2004-0212
Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonymous share. Vulnerabilidad basada en la pila en el Programador de Tareas de Windows 2000 y XP, e Internet Explorer 6 en Windows NT 4.0 permite a atacantes remotos o locales ejecutar código de su elección mediante un fichero .job conteniendo parámetros grandes, como se ha demostrado utlizando Internet Explorer y accediendo a un fichero .job en una carpeta de red compartida anónimamente. • https://www.exploit-db.com/exploits/353 https://www.exploit-db.com/exploits/368 http://marc.info/?l=bugtraq&m=108981273009250&w=2 http://marc.info/?l=bugtraq&m=108981403025596&w=2 http://secunia.com/advisories/12060 http://www.kb.cert.org/vuls/id/228028 http://www.ngssoftware.com/advisories/mstaskjob.txt http://www.us-cert.gov/cas/techalerts/TA04-196A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-022 https://exchange.xforce •
CVE-2004-0215
https://notcve.org/view.php?id=CVE-2004-0215
Microsoft Outlook Express 5.5 and 6 allows attackers to cause a denial of service (application crash) via a malformed e-mail header. Microsoft Outlook Express 5.5 y 6 permiten a atacantes causar una denegación de servicio (caída de la aplicación) mediante una cabecera de correo electrónico malformada. • http://www.kb.cert.org/vuls/id/869640 http://www.us-cert.gov/cas/techalerts/TA04-196A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-018 https://exchange.xforce.ibmcloud.com/vulnerabilities/16585 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1950 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2137 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A26 •
CVE-2004-0201
https://notcve.org/view.php?id=CVE-2004-0201
Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CVE-2003-1041. Vulnerabilidad basada en el montón en el programa HtmlHelp (hh.exe) en ayuda HTML de Microsoft Windows 98, Me, NT, 4.0, 2000, XP y Server 2003 permite a atacantes remotos ejecutar órdenes de su elección mediante un fichero .CHML con un campo de longitud largo, una vulnerabilidad distinta de CAN-2003-1041. • http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/023919.html http://www.kb.cert.org/vuls/id/920060 http://www.us-cert.gov/cas/techalerts/TA04-196A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-023 https://exchange.xforce.ibmcloud.com/vulnerabilities/16586 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1503 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1530 https:/ •
CVE-2004-0205
https://notcve.org/view.php?id=CVE-2004-0205
Buffer overflow in Microsoft Internet Information Server (IIS) 4.0 allows local users to execute arbitrary code via the redirect function. Desbordamiento de búfer en Microsoft Internet Information Server (IIS) 4.0 permite a usuarios locales ejecutar código de su elección mediante la función de redirección. • http://secunia.com/advisories/12061 http://www.ciac.org/ciac/bulletins/o-179.shtml http://www.kb.cert.org/vuls/id/717748 http://www.osvdb.org/7799 http://www.securityfocus.com/bid/10706 http://www.us-cert.gov/cas/techalerts/TA04-196A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-021 https://exchange.xforce.ibmcloud.com/vulnerabilities/16578 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2204 •