CVSS: 7.2EPSS: 0%CPEs: 15EXPL: 0CVE-2013-1341
https://notcve.org/view.php?id=CVE-2013-1341
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows 8 allows local users to gain privileges via a crafted application, aka "Win32k Multiple Fetch Vulnerability." win32k.sys en los controladores del kernel en Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, y Windows 8 permite a usuarios locales conseguir privilegios a través de una aplicación manipulada. Aka "Win32k Multiple Fetch Vulnerability". • http://www.us-cert.gov/ncas/alerts/TA13-253A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-076 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18660 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 93%CPEs: 3EXPL: 0CVE-2013-3863 – Microsoft Visio Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-3863
Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allow remote attackers to execute arbitrary code via a crafted OLE object in a file, aka "OLE Property Vulnerability." Microsoft Windows XP (SP2 y SP3) y Server 2003 SP2 permiten a atacantes remotos ejecutar código a discrección a través de objetos OLE manipulados en un archivo, tambien conocido como "Vulnerabilidad de Propiedad OLE". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Visio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of VST files. The issue lies in the failure to validate a length specified by the file before using it as a size in a memcpy. • http://www.us-cert.gov/ncas/alerts/TA13-253A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-070 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18759 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2013-3198
https://notcve.org/view.php?id=CVE-2013-3198
The NT Virtual DOS Machine (NTVDM) subsystem in the kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly validate kernel-memory addresses, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka "Windows Kernel Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3196 and CVE-2013-3197. El subsistema NT Virtual DOS Machine (NTVDM) en el kernel en Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, y Windows 8 en plataformas 32-bits no valida correctamente las direcciones de memoria del kernel, lo que permite a usuarios locales conseguir privilegios o causar una denegación de servicio (corrupción de memoria) a través de una aplicación manipulada, también conocido como “Windows Kernel Memory Corruption Vulnerability”, una vulnerabilidad distinta de CVE-2013-3196 y CVE-2013-3197. • http://www.us-cert.gov/ncas/alerts/TA13-225A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-063 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18421 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 53%CPEs: 3EXPL: 0CVE-2013-3181
https://notcve.org/view.php?id=CVE-2013-3181
usp10.dll in the Unicode Scripts Processor in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "Uniscribe Font Parsing Engine Memory Corruption Vulnerability." usp10.dll en Unicode Scripts Processor en Microsoft Windows XP SP2 y SP3 y Windows Server 2003 SP2, permite a atacantes remotos ejecutar código de su elección a través de un archivo de fuente OpenType modificado, también conocido como "Uniscribe Font Parsing Engine Memory Corruption Vulnerability". • http://www.us-cert.gov/ncas/alerts/TA13-225A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-060 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17442 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 88%CPEs: 14EXPL: 0CVE-2013-3175
https://notcve.org/view.php?id=CVE-2013-3175
Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a malformed asynchronous RPC request, aka "Remote Procedure Call Vulnerability." Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, y Windows RT permiten a atacantes remotos ejecutar código arbitrario a través de una petición RPC asincrónica incorrecta, también conocido como "Remote Procedure Call Vulnerability". • http://vrt-blog.snort.org/2013/08/microsoft-update-tuesday-august-2013.html http://www.us-cert.gov/ncas/alerts/TA13-225A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-062 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18293 • CWE-264: Permissions, Privileges, and Access Controls •