CVSS: 9.0EPSS: 29%CPEs: 8EXPL: 0CVE-2008-1457
https://notcve.org/view.php?id=CVE-2008-1457
The Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate per-user subscriptions, which allows remote authenticated users to execute arbitrary code via a crafted event subscription request. El Sistema de Eventos en Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP1 y SP2, Vista Gold y SP1 y Server 2008 no valida correctamente las subscripciones por usuario, lo que permite a usuarios autentificados remotamente ejecutar código de su elección mediante una petición de subscripción a un evento manipulada. • http://marc.info/?l=bugtraq&m=121915960406986&w=2 http://secunia.com/advisories/31417 http://www.securityfocus.com/bid/30584 http://www.securitytracker.com/id?1020677 http://www.us-cert.gov/cas/techalerts/TA08-225A.html http://www.vupen.com/english/advisories/2008/2353 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-049 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6095 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 1CVE-2008-1931
https://notcve.org/view.php?id=CVE-2008-1931
Realtek HD Audio Codec Drivers RTKVHDA.sys and RTKVHDA64.sys before 6.0.1.5605 on Windows Vista allow local users to create, write, and read registry keys via a crafted IOCTL request. Los Drivers para los Codec de Audio de Realtek HD, RTKVHDA.sys y RTKVHDA64.sys, versiones anteriores a 6.0.1.5605 en Windows Vista, permite a usuarios locales crear, escribir y registrar claves a través de una petición IOCTL manipulada. • http://secunia.com/advisories/29953 http://www.securityfocus.com/archive/1/491249/100/0/threaded http://www.securityfocus.com/bid/28909 http://www.vupen.com/english/advisories/2008/1350/references http://www.wintercore.com/advisories/advisory_W010408.html https://exchange.xforce.ibmcloud.com/vulnerabilities/41976 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 1CVE-2008-1932
https://notcve.org/view.php?id=CVE-2008-1932
Integer overflow in Realtek HD Audio Codec Drivers RTKVHDA.sys and RTKVHDA64.sys before 6.0.1.5605 on Windows Vista allows local users to execute arbitrary code via a crafted IOCTL request. Desbordamiento de entero en los controladores RTKVHDA.sys y RTKVHDA64.sys del Codec de audio Realtek HD anterior a la version 6.0.1.5605 en Windows Vista permite a usuarios locales ejecutar código arbitrario mediante la creación de respuestas IOCTL manipuladas. • http://secunia.com/advisories/29953 http://www.securityfocus.com/archive/1/491249/100/0/threaded http://www.securityfocus.com/bid/28909 http://www.vupen.com/english/advisories/2008/1350/references http://www.wintercore.com/advisories/advisory_W010408.html https://exchange.xforce.ibmcloud.com/vulnerabilities/42079 • CWE-189: Numeric Errors •
CVSS: 9.0EPSS: 94%CPEs: 13EXPL: 2CVE-2008-1436 – Microsoft Windows - 'SeImpersonatePrivilege' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2008-1436
Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping. Microsoft Windows XP Professional SP2, vista y Server 2003 y 2008 no asignan apropiadamente las actividades a las cuentas (1) NetworkService y (2) LocalService, lo que podría permitir que los atacantes dependientes del contexto consigan privilegios mediante el uso de un proceso de servicio para capturar un recurso de un segundo proceso de servicio que tiene una capacidad de escalado de privilegios LocalSystem, relacionada con la administración inadecuada del derecho de usuario SeImpersonatePrivilege, como se informó originalmente para Internet Information Services (IIS), también se conoce como token Secuestro. • https://www.exploit-db.com/exploits/31667 http://blogs.technet.com/msrc/archive/2008/04/17/msrc-blog-microsoft-security-advisory-951306.aspx http://isc.sans.org/diary.html?storyid=4306 http://milw0rm.com/sploits/2008-Churrasco.zip http://nomoreroot.blogspot.com/2008/10/windows-2003-poc-exploit-for-token.html http://secunia.com/advisories/29867 http://securitywatch.eweek.com/flaws/microsoft_belatedly_admits_to_windows_server_2008_token_kidnapping.html http://www.argeniss.com/research/Churrasc • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.2EPSS: 0%CPEs: 7EXPL: 2CVE-2008-1471 – Panda Internet Security/AntiVirus+Firewall 2008 - 'CPoint.sys' Memory Corruption
https://notcve.org/view.php?id=CVE-2008-1471
The cpoint.sys driver in Panda Internet Security 2008 and Antivirus+ Firewall 2008 allows local users to cause a denial of service (system crash or kernel panic), overwrite memory, or execute arbitrary code via a crafted IOCTL request that triggers an out-of-bounds write of kernel memory. El dispositivo cpoint.sys driver en Panda Internet Security 2008 y Antivirus+ Firewall 2008 permite a usuarios locales provocar una denegación de servicio (caída del sistema o kernel panic), sobrescribir memoria o ejecutar código de su elección a través de una petición IOCTL manipulada que dispara una escritura en memoria fuera de límite. • https://www.exploit-db.com/exploits/31363 http://secunia.com/advisories/29311 http://www.pandasecurity.com/homeusers/support/card?id=41231&idIdioma=2&ref=ProdExp http://www.pandasecurity.com/homeusers/support/card?id=41337&idIdioma=2&ref=ProdExp http://www.securityfocus.com/archive/1/489292/100/0/threaded http://www.securityfocus.com/bid/28150 http://www.securitytracker.com/id?1019568 http://www.trapkit.de/advisories/TKADV2008-001.txt http://www.vupen.com/english/advisories/2008/0 • CWE-399: Resource Management Errors •