CVSS: 8.4EPSS: 0%CPEs: 16EXPL: 0CVE-2008-4036
https://notcve.org/view.php?id=CVE-2008-4036
15 Oct 2008 — Integer overflow in Memory Manager in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that triggers an erroneous decrement of a variable, related to validation of parameters for Virtual Address Descriptors (VADs) and a "memory allocation mapping error," aka "Virtual Address Descriptor Elevation of Privilege Vulnerability." Desbordamiento de entero en el Gestor de Memoria en Microsoft Windows XP SP2... • http://marc.info/?l=bugtraq&m=122479227205998&w=2 • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 72%CPEs: 17EXPL: 0CVE-2008-4038
https://notcve.org/view.php?id=CVE-2008-4038
15 Oct 2008 — Buffer underflow in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a Server Message Block (SMB) request that contains a filename with a crafted length, aka "SMB Buffer Underflow Vulnerability." Desbordamiento inferior de búfer en Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP1 y SP2, Vista Gold y SP1, y Server 2008 permite a atacantes remotos ejecutar código de su elección mediante una p... • http://marc.info/?l=bugtraq&m=122479227205998&w=2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.1EPSS: 82%CPEs: 16EXPL: 5CVE-2008-4114 – Microsoft Windows - 'WRITE_ANDX' SMB Command Handling Kernel Denial of Service
https://notcve.org/view.php?id=CVE-2008-4114
16 Sep 2008 — srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via an SMB WRITE_ANDX packet with an offset that is inconsistent with the packet size, related to "insufficiently validating the buffer size," as demonstrated by a request to the \PIPE\lsarpc named pipe, aka "SMB Validation Denial of Service Vulnerability." SRV.sy... • https://packetstorm.news/files/id/180565 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 63%CPEs: 9EXPL: 0CVE-2008-1092
https://notcve.org/view.php?id=CVE-2008-1092
25 Mar 2008 — Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft Jet Database Engine allows remote attackers to execute arbitrary code via a crafted Word file, as exploited in the wild in March 2008. NOTE: as of 20080513, Microsoft has stated that this is the same issue as CVE-2007-6026. Un desbordamiento de búfer en la biblioteca msjet40.dll anterior a la versión 4.0.9505.0 en el Motor de Base de datos de Microsoft Jet permite a los atacantes remotos ejecutar código arbitrario por medio de un archivo de Word ... • http://marc.info/?l=bugtraq&m=121129490723574&w=2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 52%CPEs: 7EXPL: 0CVE-2007-0065
https://notcve.org/view.php?id=CVE-2007-0065
12 Feb 2008 — Heap-based buffer overflow in Object Linking and Embedding (OLE) Automation in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, Office 2004 for Mac, and Visual basic 6.0 SP6 allows remote attackers to execute arbitrary code via a crafted script request. Búfer overflow basado en montículo en el objeto OLE (Object Linking and Embedding)Automation en Windows 2000 SP4, XP SP2, Server 2003 SP1 y SP2, Vista, Office 2004 para Mac, y Visual basic 6.0 SP6, permite a atacantes remotos ejecutar códi... • http://marc.info/?l=bugtraq&m=120361015026386&w=2 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 64%CPEs: 5EXPL: 0CVE-2008-0088
https://notcve.org/view.php?id=CVE-2008-0088
12 Feb 2008 — Unspecified vulnerability in Active Directory on Microsoft Windows 2000 and Windows Server 2003, and Active Directory Application Mode (ADAM) on XP and Server 2003, allows remote attackers to cause a denial of service (hang and restart) via a crafted LDAP request. Vulnerabilidad sin especificar en Active Directory de Microsoft Windows 2000 y Windows Server 2003 y Active Directory Application Mode (ADAM) de XP y Server 2003. Permite a atacantes remotos provocar una denegación de servicio (cuelgue y reinicio)... • http://marc.info/?l=bugtraq&m=120361015026386&w=2 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 2%CPEs: 4EXPL: 0CVE-2007-5352
https://notcve.org/view.php?id=CVE-2007-5352
08 Jan 2008 — Unspecified vulnerability in Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows local users to gain privileges via a crafted local procedure call (LPC) request. Vulnerabilidad no especificada en Local Security Authority Subsystem Service (LSASS) en Microsoft Windows 2000 SP4, XP SP2, y Server 2003 SP1 y SP2 permite a usuarios locales ganar privilegios a través de una respuesta de procedimiento de llamada local (LPC). • http://secunia.com/advisories/28341 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.4EPSS: 19%CPEs: 21EXPL: 0CVE-2007-5355
https://notcve.org/view.php?id=CVE-2007-5355
05 Dec 2007 — The Web Proxy Auto-Discovery (WPAD) feature in Microsoft Internet Explorer 6 and 7, when a primary DNS suffix with three or more components is configured, resolves an unqualified wpad hostname in a second-level domain outside this configured DNS domain, which allows remote WPAD servers to conduct man-in-the-middle (MITM) attacks. La característica Web Proxy Auto-Discovery en Microsoft Internet Explorer 6 y 7, cuando un sufijo de DNS primario con tres o más componentes es configurado, resuelve nombre de host... • http://secunia.com/advisories/27901 •
CVSS: 4.3EPSS: 51%CPEs: 12EXPL: 0CVE-2007-2227
https://notcve.org/view.php?id=CVE-2007-2227
12 Jun 2007 — The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition "notifications," which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "Content Disposition Parsing Cross Domain Information Disclosure Vulnerability." El manejador de protocolo MHTML en Microsoft Outlook Express 6 y Windows Mail en Windows Vista no maneja adecuadamente "notificaciones" de disposición de contenido (Content-... • http://archive.openmya.devnull.jp/2007.06/msg00060.html •
CVSS: 9.8EPSS: 58%CPEs: 10EXPL: 0CVE-2007-2219
https://notcve.org/view.php?id=CVE-2007-2219
12 Jun 2007 — Unspecified vulnerability in the Win32 API on Microsoft Windows 2000, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via certain parameters to an unspecified function. Vulnerabilidad no especificada en en la API Win32 de Microsoft Windows 2000, XP SP2, y Server 2003 SP1 y SP2 permite a atacantes remotos ejecutar código de su elección mediante determinados parámetros para una función no especificada. • http://osvdb.org/35341 •