CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 0CVE-2011-0676
https://notcve.org/view.php?id=CVE-2011-0676
13 Apr 2011 — win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability." win32k.sys en los drivers de kernel-mode en Microsoft Windows XP S... • http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 49%CPEs: 18EXPL: 1CVE-2011-0657 – Microsoft Windows DNSAPI.dll LLMNR Buffer Underrun Denial of Service
https://notcve.org/view.php?id=CVE-2011-0657
13 Apr 2011 — DNSAPI.dll in the DNS client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process DNS queries, which allows remote attackers to execute arbitrary code via (1) a crafted LLMNR broadcast query or (2) a crafted application, aka "DNS Query Vulnerability." DNSAPI.dll del cliente DNS de Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP1 y SP2, Windows Serv... • https://packetstorm.news/files/id/180569 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 42%CPEs: 18EXPL: 0CVE-2010-3974
https://notcve.org/view.php?id=CVE-2010-3974
13 Apr 2011 — fxscover.exe in the Fax Cover Page Editor in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly parse FAX cover pages, which allows remote attackers to execute arbitrary code via a crafted .cov file, aka "Fax Cover Page Editor Memory Corruption Vulnerability." fxscover.exe en Fax Cover Page Editor de Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP1 y SP2, W... • http://www.us-cert.gov/cas/techalerts/TA11-102A.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.8EPSS: 7%CPEs: 22EXPL: 0CVE-2011-1244
https://notcve.org/view.php?id=CVE-2011-1244
13 Apr 2011 — Microsoft Internet Explorer 6, 7, and 8 does not enforce intended domain restrictions on content access, which allows remote attackers to obtain sensitive information or conduct clickjacking attacks via a crafted web site, aka "Frame Tag Information Disclosure Vulnerability." Microsoft Internet Explorer 6, 7 y 8 no realiza las restricciones de dominio pretendidas cuando se accede a los contenidos. Esto permite a atacantes remotos obtener información sensible o provocar ataques de clickjacking a través de un... • http://osvdb.org/71777 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 10.0EPSS: 63%CPEs: 17EXPL: 0CVE-2011-0661
https://notcve.org/view.php?id=CVE-2011-0661
13 Apr 2011 — The SMB Server service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate fields in SMB requests, which allows remote attackers to execute arbitrary code via a malformed request in a (1) SMBv1 or (2) SMBv2 packet, aka "SMB Transaction Parsing Vulnerability." El servicio SMB Server en Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP1 y SP2, Window... • http://osvdb.org/71781 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 57%CPEs: 36EXPL: 0CVE-2010-3958
https://notcve.org/view.php?id=CVE-2010-3958
13 Apr 2011 — The x86 JIT compiler in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 does not properly compile function calls, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Stack Corruption Vulnerability." El compilador x86 JIT de Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, y 4.0 no compila apropiadamente las llamadas a funciones, lo que perm... • http://www.us-cert.gov/cas/techalerts/TA11-102A.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 0CVE-2011-0667
https://notcve.org/view.php?id=CVE-2011-0667
13 Apr 2011 — Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability." Vulnerabilidad de uso después de lib... • http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 0CVE-2011-0665
https://notcve.org/view.php?id=CVE-2011-0665
13 Apr 2011 — Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability." Vulnerabilidad de "usar después de l... • http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 22%CPEs: 36EXPL: 0CVE-2011-0663
https://notcve.org/view.php?id=CVE-2011-0663
13 Apr 2011 — Multiple integer overflows in the Microsoft (1) JScript 5.6 through 5.8 and (2) VBScript 5.6 through 5.8 scripting engines allow remote attackers to execute arbitrary code via a crafted web page, aka "Scripting Memory Reallocation Vulnerability." Múltiples desbordamientos de enteros en los motores de secuencias de comandos (1) JScript v5.6 a la v5.8 y(2) VBScript v5.6 a la v5.8, permite a atacantes remotos ejecutar código de su elección a través de una página web manipulada. También conocida como "Scripting... • http://osvdb.org/71774 • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 0CVE-2011-0666
https://notcve.org/view.php?id=CVE-2011-0666
13 Apr 2011 — Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability." Vulnerabilidad de uso después de la ... • http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx • CWE-399: Resource Management Errors •