CVSS: 9.3EPSS: 46%CPEs: 17EXPL: 0CVE-2008-2249
https://notcve.org/view.php?id=CVE-2008-2249
10 Dec 2008 — Integer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a malformed header in a crafted WMF file, which triggers a buffer overflow, aka "GDI Integer Overflow Vulnerability." Desbordamiento de entero en GDI en Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP1 y SP2, Vista Gold y SP1, y Server 2008 permite a atacantes remotos ejecutar código de su elección mediante una cabe... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=762 • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 38%CPEs: 53EXPL: 0CVE-2008-3009
https://notcve.org/view.php?id=CVE-2008-3009
10 Dec 2008 — Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name (SPN) identifier when validating replies to authentication requests, which allows remote servers to execute arbitrary code via vectors that employ NTLM credential reflection, aka "SPN Vulnerability." Microsoft Windows Media Player v6.4, Windows Media Format Runtime v7.1 a v11, y Windows Media Services v4.1, v9, y 2008 no usan apropiadamen... • http://secunia.com/advisories/33058 • CWE-255: Credentials Management Errors •
CVSS: 9.8EPSS: 3%CPEs: 17EXPL: 0CVE-2008-3465
https://notcve.org/view.php?id=CVE-2008-3465
10 Dec 2008 — Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows context-dependent attackers to cause a denial of service or execute arbitrary code via a WMF file with a malformed file-size parameter, which would not be properly handled by a third-party application that uses this API for a copy operation, aka "GDI Heap Overflow Vulnerability." Desbordamiento de búfer basado en montículo en una API en GDI en Microso... • http://www.securitytracker.com/id?1021365 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.1EPSS: 42%CPEs: 16EXPL: 5CVE-2008-4114 – Microsoft Windows - 'WRITE_ANDX' SMB Command Handling Kernel Denial of Service
https://notcve.org/view.php?id=CVE-2008-4114
16 Sep 2008 — srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via an SMB WRITE_ANDX packet with an offset that is inconsistent with the packet size, related to "insufficiently validating the buffer size," as demonstrated by a request to the \PIPE\lsarpc named pipe, aka "SMB Validation Denial of Service Vulnerability." SRV.sy... • https://packetstorm.news/files/id/180565 • CWE-399: Resource Management Errors •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2007-2999
https://notcve.org/view.php?id=CVE-2007-2999
04 Jun 2007 — Microsoft Windows Server 2003, when time restrictions are in effect for user accounts, generates different error messages for failed login attempts with a valid user name than for those with an invalid user name, which allows context-dependent attackers to determine valid Active Directory account names. Microsoft Windows Server 2003, cuando las restricciones de tiempo están en efecto para las cuentas del usuario, genera diversos mensajes de error para las tentativas falladas de conexión con un nombre válido... • http://osvdb.org/36138 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2007-1206
https://notcve.org/view.php?id=CVE-2007-1206
10 Apr 2007 — The Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft Windows NT 4.0; 2000 SP4; XP SP2; Server 2003, 2003 SP1, and 2003 SP2; and Windows Vista before June 2006; uses insecure permissions (PAGE_READWRITE) for a physical memory view, which allows local users to gain privileges by modifying the "zero page" during a race condition before the view is unmapped. La Máquina DOS Virtual (VDM) en el kernel de Windows en Microsoft Windows NT versiones 4.0; 2000 SP4; XP SP2; Server 2003, 2003 SP1 y 2003 SP2;... • http://research.eeye.com/html/advisories/published/AD20070410a.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 94%CPEs: 12EXPL: 0CVE-2007-1205
https://notcve.org/view.php?id=CVE-2007-1205
10 Apr 2007 — Unspecified vulnerability in Microsoft Agent (msagent\agentsvr.exe) in Windows 2000 SP4, XP SP2, and Server 2003, 2003 SP1, and 2003 SP2 allows remote attackers to execute arbitrary code via crafted URLs, which result in memory corruption. Vulnerabilidad no especificada en Microsoft Agent (msagent\agentsvr.exe) en Windows 2000 SP4, XP SP2, y Server 2003, 2003 SP1, y 2003 SP2 permite a aacantes remotos ejecutar código de su elección a través de una URL manipulada, lo cual deriva en una corrupción de memoria. • http://secunia.com/advisories/22896 •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 3CVE-2007-1215 – Microsoft Windows - GDI Privilege Escalation (MS07-017)
https://notcve.org/view.php?id=CVE-2007-1215
04 Apr 2007 — Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local users to gain privileges via certain "color-related parameters" in crafted images. Desbordamiento de búfer en el Graphics Device Interface (GDI) del Microsoft Windows 2000 SP4, XP SP2, Server 2003 Gold, SP1, y SP2 y en el Vista permite a usuarios locales obtener privilegios mediante ciertos "parámetros de colores relacionados" en imágenes manipuladas. • https://www.exploit-db.com/exploits/3688 •
CVSS: 7.1EPSS: 7%CPEs: 12EXPL: 3CVE-2007-1211 – Microsoft Windows - GDI Privilege Escalation (MS07-017)
https://notcve.org/view.php?id=CVE-2007-1211
04 Apr 2007 — Unspecified kernel GDI functions in Microsoft Windows 2000 SP4; XP SP2; and Server 2003 Gold, SP1, and SP2 allows user-assisted remote attackers to cause a denial of service (possibly persistent restart) via a crafted Windows Metafile (WMF) image that causes an invalid dereference of an offset in a kernel structure, a related issue to CVE-2005-4560. Funciones GDI no especificadas del kernel en Microsoft Windows 2000 SP4; XP SP2; y Server 2003 Gold, SP1 y SP2, permiten a los atacantes remotos asistidos por e... • https://www.exploit-db.com/exploits/3688 • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 3CVE-2007-1212 – Microsoft Windows - GDI Privilege Escalation (MS07-017)
https://notcve.org/view.php?id=CVE-2007-1212
04 Apr 2007 — Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local users to gain privileges via a crafted Enhanced Metafile (EMF) image format file. Desbordamiento de búfer en el Graphics Device Interface (GDI) en Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, y SP2; y Vista permite a usuarios locales ganar privilegios a través de archivos de imágenes con formato Enhanced Metafile(EMF). • https://www.exploit-db.com/exploits/3688 •