CVSS: 9.1EPSS: 82%CPEs: 16EXPL: 5CVE-2008-4114 – Microsoft Windows - 'WRITE_ANDX' SMB Command Handling Kernel Denial of Service
https://notcve.org/view.php?id=CVE-2008-4114
16 Sep 2008 — srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via an SMB WRITE_ANDX packet with an offset that is inconsistent with the packet size, related to "insufficiently validating the buffer size," as demonstrated by a request to the \PIPE\lsarpc named pipe, aka "SMB Validation Denial of Service Vulnerability." SRV.sy... • https://packetstorm.news/files/id/180565 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 63%CPEs: 9EXPL: 0CVE-2008-1092
https://notcve.org/view.php?id=CVE-2008-1092
25 Mar 2008 — Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft Jet Database Engine allows remote attackers to execute arbitrary code via a crafted Word file, as exploited in the wild in March 2008. NOTE: as of 20080513, Microsoft has stated that this is the same issue as CVE-2007-6026. Un desbordamiento de búfer en la biblioteca msjet40.dll anterior a la versión 4.0.9505.0 en el Motor de Base de datos de Microsoft Jet permite a los atacantes remotos ejecutar código arbitrario por medio de un archivo de Word ... • http://marc.info/?l=bugtraq&m=121129490723574&w=2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 52%CPEs: 7EXPL: 0CVE-2007-0065
https://notcve.org/view.php?id=CVE-2007-0065
12 Feb 2008 — Heap-based buffer overflow in Object Linking and Embedding (OLE) Automation in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, Office 2004 for Mac, and Visual basic 6.0 SP6 allows remote attackers to execute arbitrary code via a crafted script request. Búfer overflow basado en montículo en el objeto OLE (Object Linking and Embedding)Automation en Windows 2000 SP4, XP SP2, Server 2003 SP1 y SP2, Vista, Office 2004 para Mac, y Visual basic 6.0 SP6, permite a atacantes remotos ejecutar códi... • http://marc.info/?l=bugtraq&m=120361015026386&w=2 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 64%CPEs: 5EXPL: 0CVE-2008-0088
https://notcve.org/view.php?id=CVE-2008-0088
12 Feb 2008 — Unspecified vulnerability in Active Directory on Microsoft Windows 2000 and Windows Server 2003, and Active Directory Application Mode (ADAM) on XP and Server 2003, allows remote attackers to cause a denial of service (hang and restart) via a crafted LDAP request. Vulnerabilidad sin especificar en Active Directory de Microsoft Windows 2000 y Windows Server 2003 y Active Directory Application Mode (ADAM) de XP y Server 2003. Permite a atacantes remotos provocar una denegación de servicio (cuelgue y reinicio)... • http://marc.info/?l=bugtraq&m=120361015026386&w=2 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 2%CPEs: 4EXPL: 0CVE-2007-5352
https://notcve.org/view.php?id=CVE-2007-5352
08 Jan 2008 — Unspecified vulnerability in Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows local users to gain privileges via a crafted local procedure call (LPC) request. Vulnerabilidad no especificada en Local Security Authority Subsystem Service (LSASS) en Microsoft Windows 2000 SP4, XP SP2, y Server 2003 SP1 y SP2 permite a usuarios locales ganar privilegios a través de una respuesta de procedimiento de llamada local (LPC). • http://secunia.com/advisories/28341 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.4EPSS: 19%CPEs: 21EXPL: 0CVE-2007-5355
https://notcve.org/view.php?id=CVE-2007-5355
05 Dec 2007 — The Web Proxy Auto-Discovery (WPAD) feature in Microsoft Internet Explorer 6 and 7, when a primary DNS suffix with three or more components is configured, resolves an unqualified wpad hostname in a second-level domain outside this configured DNS domain, which allows remote WPAD servers to conduct man-in-the-middle (MITM) attacks. La característica Web Proxy Auto-Discovery en Microsoft Internet Explorer 6 y 7, cuando un sufijo de DNS primario con tres o más componentes es configurado, resuelve nombre de host... • http://secunia.com/advisories/27901 •
CVSS: 9.8EPSS: 58%CPEs: 10EXPL: 0CVE-2007-2219
https://notcve.org/view.php?id=CVE-2007-2219
12 Jun 2007 — Unspecified vulnerability in the Win32 API on Microsoft Windows 2000, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via certain parameters to an unspecified function. Vulnerabilidad no especificada en en la API Win32 de Microsoft Windows 2000, XP SP2, y Server 2003 SP1 y SP2 permite a atacantes remotos ejecutar código de su elección mediante determinados parámetros para una función no especificada. • http://osvdb.org/35341 •
CVSS: 9.3EPSS: 53%CPEs: 19EXPL: 0CVE-2007-0218
https://notcve.org/view.php?id=CVE-2007-0218
12 Jun 2007 — Microsoft Internet Explorer 5.01 and 6 allows remote attackers to execute arbitrary code by instantiating certain COM objects from Urlmon.dll, which triggers memory corruption during a call to the IObjectSafety function. Microsoft Internet Explorer versiones 5.01 y 6 permite a los atacantes remotos ejecutar código arbitrario mediante peticiones de determinados objetos COM desde la biblioteca Urlmon.dll, lo que desencadena corrupción de memoria durante una llamada a la función IObjectSafety. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=542 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 62%CPEs: 19EXPL: 0CVE-2007-1750
https://notcve.org/view.php?id=CVE-2007-1750
12 Jun 2007 — Unspecified vulnerability in Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code via a crafted Cascading Style Sheets (CSS) tag that triggers memory corruption. Vulnerabilidad no especificada en Microsoft Internet Explorer 6 permite a atacantes remotos ejecutar código de su elección mediante una etiqueta de Hoja de Estilo en Cascada (CSS) que dispara una corrupción de memoria. • http://osvdb.org/35349 •
CVSS: 9.8EPSS: 50%CPEs: 4EXPL: 0CVE-2007-2218
https://notcve.org/view.php?id=CVE-2007-2218
12 Jun 2007 — Unspecified vulnerability in the Windows Schannel Security Package for Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, allows remote servers to execute arbitrary code or cause a denial of service via crafted digital signatures that are processed during an SSL handshake. Vulnerabilidad no especificada en Windows Schannel Security Package para Microsoft Windows 2000 SP4, XP SP2, y Server 2003 SP1 y SP2, permite a atacantes remotos ejecutar código de su elección o provocar una denegación de se... • http://secunia.com/advisories/25620 •