
CVE-2010-1897 – Microsoft Windows - CreateWindow Function Callback (MS10-048)
https://notcve.org/view.php?id=CVE-2010-1897
11 Aug 2010 — The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate pseudo-handle values in callback parameters during window creation, which allows local users to gain privileges via a crafted application, aka "Win32k Window Creation Vulnerability." • https://www.exploit-db.com/exploits/14608 • CWE-20: Improper Input Validation •

CVE-2008-7211 – Creative Ensoniq PCI ES1371 WDM Driver 5.1.3612 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2008-7211
11 Sep 2009 — CreativeLabs es1371mp.sys 5.1.3612.0 WDM audio driver, as used in Ensoniq PCI 1371 sound cards and when running on Windows Vista, does not create a Functional Device Object (FDO) to prevent user-mode access to the Physical Device Object (PDO), which allows local users to gain SYSTEM privileges via a crafted IRP request that dereferences a NULL FsContext pointer. • https://www.exploit-db.com/exploits/30999 •

CVE-2008-3464 – Microsoft Windows XP/2003 - 'afd.sys' Local Privilege Escalation (K-plugin) (MS08-066)
https://notcve.org/view.php?id=CVE-2008-3464
15 Oct 2008 — afd.sys in the Ancillary Function Driver (AFD) component in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP1 and SP2 does not properly validate input sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, as demonstrated using crafted pointers and lengths that bypass intended ProbeForRead and ProbeForWrite restrictions, aka "AFD Kernel Overwrite Vulnerability." • https://www.exploit-db.com/exploits/6757 • CWE-264: Permissions, Privileges, and Access Controls •

CVE-2008-1471 – Panda Internet Security/AntiVirus+Firewall 2008 - 'CPoint.sys' Memory Corruption
https://notcve.org/view.php?id=CVE-2008-1471
24 Mar 2008 — The cpoint.sys driver in Panda Internet Security 2008 and Antivirus+ Firewall 2008 allows local users to cause a denial of service (system crash or kernel panic), overwrite memory, or execute arbitrary code via a crafted IOCTL request that triggers an out-of-bounds write of kernel memory. • https://www.exploit-db.com/exploits/31363 • CWE-399: Resource Management Errors •

CVE-2007-1793 – Symantec (Multiple Products) - 'SPBBCDrv' Driver Local Denial of Service
https://notcve.org/view.php?id=CVE-2007-1793
02 Apr 2007 — SPBBCDrv.sys in Symantec Norton Personal Firewall 2006 9.1.0.33 and 9.1.1.7 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a denial of service (crash) or possibly execute arbitrary code via crafted arguments to the (1) NtCreateMutant and (2) NtOpenEvent functions. NOTE: it was later reported that Norton Internet Security 2008 15.0.0.60, and possibly other versions back to 2006, are also affected. • http://www.matousec.com/info/advisories/plague-in-security-software-drivers.php • CWE-20: Improper Input Validation •

CVE-2006-4541 – Internet Security Systems 3.6 BlackICE - Local Denial of Service
https://notcve.org/view.php?id=CVE-2006-4541
05 Sep 2006 — RapDrv.sys in BlackICE PC Protection 3.6.cpn, cpj, cpiE, and possibly 3.6 and earlier, allows local users to cause a denial of service (crash) via a NULL third argument to the NtOpenSection API function. NOTE: it was later reported that 3.6.cqn is also affected. • http://www.matousec.com/info/advisories/plague-in-security-software-drivers.php • CWE-20: Improper Input Validation •

CVE-2006-3992
https://notcve.org/view.php?id=CVE-2006-3992
05 Aug 2006 — Unspecified vulnerability in the Centrino (1) w22n50.sys, (2) w22n51.sys, (3) w29n50.sys, and (4) w29n51.sys Microsoft Windows drivers for Intel 2200BG and 2915ABG PRO/Wireless Network Connection before 10.5 with driver 9.0.4.16 allows remote attackers to execute arbitrary code via certain frames that trigger memory corruption. • http://securitytracker.com/id?1016621 •

CVE-2006-3942 – Microsoft Windows - Mailslot Ring0 Memory Corruption (MS06-035)
https://notcve.org/view.php?id=CVE-2006-3942
31 Jul 2006 — The server driver (srv.sys) in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (system crash) via an SMB_COM_TRANSACTION SMB message that contains a string without null character termination, which leads to a NULL dereference in the ExecuteTransaction function, possibly related to an "SMB PIPE," aka the "Mailslot DOS" vulnerability. ... • https://packetstorm.news/files/id/180564 • CWE-20: Improper Input Validation •

CVE-2006-1314 – Microsoft Windows - Mailslot Ring0 Memory Corruption (MS06-035)
https://notcve.org/view.php?id=CVE-2006-1314
11 Jul 2006 — Heap-based buffer overflow in the Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to execute arbitrary code via crafted first-class Mailslot messages that trigger memory corruption and bypass size restrictions on second-class Mailslot messages. • https://www.exploit-db.com/exploits/2057 •

CVE-2006-1315 – Microsoft Windows - Mailslot Ring0 Memory Corruption (MS06-035)
https://notcve.org/view.php?id=CVE-2006-1315
11 Jul 2006 — The Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to obtain sensitive information via crafted requests that leak information in SMB buffers, which are not properly initialized, aka "SMB Information Disclosure Vulnerability." • https://www.exploit-db.com/exploits/2057 •