CVSS: 10.0EPSS: 83%CPEs: 28EXPL: 0CVE-2012-0159 – Microsoft Windows TrueType Font Parsing Remote Code Execution Vulnerability (Remote Kernel)
https://notcve.org/view.php?id=CVE-2012-0159
Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview; Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Silverlight 4 before 4.1.10329; and Silverlight 5 before 5.1.10411 allow remote attackers to execute arbitrary code via a crafted TrueType font (TTF) file, aka "TrueType Font Parsing Vulnerability." Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, y R2 SP1, Windows 7 Gold y SP1, y Windows 8 Consumer Preview; Office 2003 SP3, 2007 SP2 y SP3, y 2010 Gold y SP1; Silverlight v4 anterior a v4.1.10329; y Silverlight v5 anterior a v5.1.10411 permite a atacantes remotos ejecutar código arbitrario mediante un fichero de fuentes TrueType (TTF) manipulado, también conocido como "Vulnerabilidad TrueType Font Parsing " This vulnerability allows remote attackers to execute arbitrary code from the contact of kernelspace on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the kernel's support for TrueType font parsing of compound glyphs. A sign extension error exists in win32k.sys when processing compound glyphs having a total number of contours above 0x7FFF. This can be exploited to corrupt kernel heap memory placed below the space allocated for the "flags" buffer and potentially execute arbitrary code in kernel space. • http://secunia.com/advisories/49121 http://secunia.com/advisories/49122 http://www.securityfocus.com/bid/53335 http://www.securitytracker.com/id?1027039 http://www.us-cert.gov/cas/techalerts/TA12-129A.html http://www.us-cert.gov/cas/techalerts/TA12-164A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-034 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-039 https://exchange.xforce.ibmcloud.com/vulnerabilities/75124 https:& • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 94%CPEs: 13EXPL: 1CVE-2011-0041 – GDI+ - 'gdiplus.dll' CreateDashedPath Integer Overflow
https://notcve.org/view.php?id=CVE-2011-0041
Integer overflow in gdiplus.dll in GDI+ in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted EMF image, aka "GDI+ Integer Overflow Vulnerability." Desbordamiento de enteros en gdiplus.dll en GDI+ en Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP1 y SP2, Windows Server 2008 Gold y SP2, y Office XP SP3 permite a atacantes remotos ejecutar código de su elección a través de una imagen EMF manipulada, también conocido como "GDI+ Integer Overflow Vulnerability." GDI+ CreateDashedPath suffers from an integer overflow vulnerability in gdiplus.dll. • https://www.exploit-db.com/exploits/17544 http://www.us-cert.gov/cas/techalerts/TA11-102A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-029 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11854 • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 47%CPEs: 17EXPL: 1CVE-2010-2738 – Microsoft Unicode Scripts Processor - Remote Code Execution (MS10-063)
https://notcve.org/view.php?id=CVE-2010-2738
The Uniscribe (aka new Unicode Script Processor) implementation in USP10.DLL in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2, and Microsoft Office XP SP3, 2003 SP3, and 2007 SP2, does not properly validate tables associated with malformed OpenType fonts, which allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) Office document, aka "Uniscribe Font Parsing Engine Memory Corruption Vulnerability." La implementación Uniscribe (conocido como nuevo Unicode Script Processor) en USP10.DLL de Microsoft Windows XP SP2 y SP3, Server 2003 SP2, Vista SP1 y SP2, y Server 2008 Gold y SP2, y Microsoft Office XP SP3, 2003 SP3, y 2007 SP2, no valida adecuadamente tablas asociadas con fuentes OpenType malformadas, lo cual permite a atacantes remotos ejecutar código a su elección a través de (1) un sitio web o (2) un documento Office manipulados, también conocido como "Uniscribe Font Parsing Engine Memory Corruption Vulnerability." • https://www.exploit-db.com/exploits/15158 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-063 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7214 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 65%CPEs: 28EXPL: 0CVE-2010-1257
https://notcve.org/view.php?id=CVE-2010-1257
Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2; Office SharePoint Server 2007 SP1 and SP2; SharePoint Services 3.0 SP1 and SP2; and Internet Explorer 8 allows remote attackers to inject arbitrary web script or HTML via vectors related to sanitization. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la API toStaticHTML, tal como es usada en Microsoft Office InfoPath 2003 SP3, 2007 SP1 y 2007 SP2; Office SharePoint Server 2007 SP1 y SP2; SharePoint Services 3.0 SP1 y SP2 y Internet Explorer 8 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de vectores relacionados con procedimientos de limpieza. • http://support.avaya.com/css/P8/documents/100089747 http://www.securityfocus.com/bid/40409 http://www.us-cert.gov/cas/techalerts/TA10-159B.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-035 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-039 https://exchange.xforce.ibmcloud.com/vulnerabilities/58866 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6677 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 94%CPEs: 10EXPL: 0CVE-2009-2506
https://notcve.org/view.php?id=CVE-2009-2506
Integer overflow in the text converters in Microsoft Office Word 2002 SP3 and 2003 SP3; Works 8.5; Office Converter Pack; and WordPad in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a DOC file with an invalid number of property names in the DocumentSummaryInformation stream, which triggers a heap-based buffer overflow. Desbordamiento de enteros en los convertidores de texto en Microsoft Office Word 2002 SP3 y 2003 SP3; Works versión 8.5; Office Converter Pack; y WordPad en Windows 2000 SP4, XP SP2 y SP3, y Server 2003 SP2 permite a los atacantes remotos ejecutar código arbitrario por medio de un archivo DOC con un número no válido de nombre de propiedad en la transmisión DocumentSummaryInformation, lo que desencadena un desbordamiento del búfer en la región heap de la memoria. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=834 http://support.avaya.com/css/P8/documents/100070184 http://www.securityfocus.com/bid/37216 http://www.us-cert.gov/cas/techalerts/TA09-342A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-073 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5846 • CWE-189: Numeric Errors •