CVSS: 9.3EPSS: 49%CPEs: 14EXPL: 2CVE-2008-3015 – Microsoft Windows GDI+ BMP Parsing Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2008-3015
Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a BMP image file with a malformed BitMapInfoHeader that triggers a buffer overflow, aka "GDI+ BMP Integer Overflow Vulnerability." Un desbordamiento de enteros en la biblioteca gdiplus.dll en GDI+ en Office XP SP3, Office 2003 SP2 y SP3, 2007, de Microsoft; Office System Gold y SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2 , SQL Server 2005 SP2, Report Viewer 2005 SP1 y 2008, y Forefront Client Security versión 1.0, de Microsoft, permite a los atacantes remotos ejecutar código arbitrario por medio de un archivo de imagen BMP con una BitMapInfoHeader malformada que desencadena un desbordamiento de búfer, también se conoce como "GDI+ BMP Integer Overflow Vulnerability." This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows XP, Server and Vista. User interaction is required in that a user must open a malicious image file. The specific flaws exist in the GDI+ subsystem when parsing maliciously crafted BMP files. Supplying a malformed BitMapInfoHeader can result in incorrect integer calculations further leading to an exploitable memory corruption. • http://marc.info/?l=bugtraq&m=122235754013992&w=2 http://secunia.com/advisories/32154 http://www.evilfingers.com/patchTuesday/MS08_052_GDI+_Vulnerability.txt http://www.evilfingers.com/patchTuesday/MS08_052_GDI+_Vulnerability_ver2.txt http://www.securityfocus.com/archive/1/496153/100/0/threaded http://www.securityfocus.com/bid/31022 http://www.securitytracker.com/id?1020838 http://www.us-cert.gov/cas/techalerts/TA08-253A.html http://www.vupen.com/english/advisories/2008/2520 • CWE-189: Numeric Errors •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2008-0074
https://notcve.org/view.php?id=CVE-2008-0074
Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows local users to gain privileges via unknown vectors related to file change notifications in the TPRoot, NNTPFile\Root, or WWWRoot folders. Vulnerabilidad no especificada en Microsoft Internet Information Services (IIS) de 5.0 a 7.0. Permite a usuarios locales conseguir privilegios a través de vectores desconocidos relacionados a notificaciones de cambios de archivos en las carpetas TPRoot, NNTPFile\Root, or WWWRoot. • http://marc.info/?l=bugtraq&m=120361015026386&w=2 http://secunia.com/advisories/28849 http://www.securityfocus.com/bid/27101 http://www.securitytracker.com/id?1019384 http://www.us-cert.gov/cas/techalerts/TA08-043C.html http://www.vupen.com/english/advisories/2008/0507/references https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-005 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5389 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 84%CPEs: 29EXPL: 0CVE-2007-0064
https://notcve.org/view.php?id=CVE-2007-0064
Heap-based buffer overflow in Windows Media Format Runtime 7.1, 9, 9.5, 9.5 x64 Edition, 11, and Windows Media Services 9.1 for Microsoft Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file. Desbordamiento de búfer en la región heap de la memoria en Windows Media Format Runtime versiones 7.1, 9, 9.5, 9.5 x64 Edition, versión 11, y Windows Media Services versión 9.1 para Microsoft Windows 2000, XP, Server 2003 y Vista, permite a atacantes remotos asistidos por el usuario ejecutar código arbitrario por medio de un archivo Advanced Systems Format (ASF) creado. • http://secunia.com/advisories/28034 http://www.kb.cert.org/vuls/id/319385 http://www.securityfocus.com/archive/1/485268/100/0/threaded http://www.securityfocus.com/bid/26776 http://www.securitytracker.com/id?1019074 http://www.us-cert.gov/cas/techalerts/TA07-345A.html http://www.vupen.com/english/advisories/2007/4183 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-068 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.9EPSS: 0%CPEs: 16EXPL: 0CVE-2007-3036
https://notcve.org/view.php?id=CVE-2007-3036
Unspecified vulnerability in the (1) Windows Services for UNIX 3.0 and 3.5, and (2) Subsystem for UNIX-based Applications in Microsoft Windows 2000, XP, Server 2003, and Vista allows local users to gain privileges via unspecified vectors related to "certain setuid binary files." Vulnerabilidad no especificada en (1) Windows Services para UNIX 3.0 y 3.5, y (2) Subsistema para Aplicaciones UNIX en Microsoft Windows 2000, XP, Server 2003, y Vista permite a usuarios locales obtener privilegios mediante vectores no especificados relacionados con "determinados archivos binarios con setuid". • http://secunia.com/advisories/26757 http://securitytracker.com/id?1018678 http://www.kb.cert.org/vuls/id/768440 http://www.osvdb.org/36935 http://www.securityfocus.com/bid/25620 http://www.us-cert.gov/cas/techalerts/TA07-254A.html http://www.vupen.com/english/advisories/2007/3115 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-053 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1275 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 90%CPEs: 26EXPL: 1CVE-2007-2223 – Microsoft Internet Explorer substringData Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2007-2223
Microsoft XML Core Services (MSXML) 3.0 through 6.0 allows remote attackers to execute arbitrary code via the substringData method on a (1) TextNode or (2) XMLDOM object, which causes an integer overflow that leads to a buffer overflow. Microsoft XML Core Services (MSXML) versión 3.0 hasta 6.0 permite a los atacantes remotos ejecutar código arbitrario por medio del método substringData en un objeto (1) TextNode o (2) XMLDOM, lo que provoca un desbordamiento de enteros que conduce a un desbordamiento de búfer. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of various Microsoft software User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the substringData() method available on the TextNode JavaScript object. When specific parameters are passed to the method, an integer overflow occurs causing incorrect memory allocation. If this event occurs after a different ActiveX object has been instantiated, an exploitable condition is created when the ActiveX object is deallocated which can result in the execution of arbitrary code. • https://www.exploit-db.com/exploits/30493 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=576 http://secunia.com/advisories/26447 http://www.kb.cert.org/vuls/id/361968 http://www.securityfocus.com/archive/1/476527/100/0/threaded http://www.securityfocus.com/archive/1/476747/100/0/threaded http://www.securityfocus.com/bid/25301 http://www.securitytracker.com/id?1018559 http://www.vupen.com/english/advisories/2007/2866 http://www.zerodayinitiative.com/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •