CVSS: 7.5EPSS: 75%CPEs: 30EXPL: 2CVE-2006-0143 – Microsoft Windows - Graphics Rendering Engine Multiple Memory Corruption Vulnerabilities
https://notcve.org/view.php?id=CVE-2006-0143
09 Jan 2006 — Microsoft Windows Graphics Rendering Engine (GRE) allows remote attackers to corrupt memory and cause a denial of service (crash) via a WMF file containing (1) ExtCreateRegion or (2) ExtEscape function calls with arguments with inconsistent lengths. • https://www.exploit-db.com/exploits/27051 • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 90%CPEs: 16EXPL: 4CVE-2005-4560 – Microsoft Windows XP/Vista/2003 - Metafile Escape() SetAbortProc Code Execution (MS06-001)
https://notcve.org/view.php?id=CVE-2005-4560
28 Dec 2005 — The Windows Graphical Device Interface library (GDI32.DLL) in Microsoft Windows allows remote attackers to execute arbitrary code via a Windows Metafile (WMF) format image with a crafted SETABORTPROC GDI Escape function call, related to the Windows Picture and Fax Viewer (SHIMGVW.DLL), a different vulnerability than CVE-2005-2123 and CVE-2005-2124, and as originally discovered in the wild on unionseek.com. • https://www.exploit-db.com/exploits/16612 • CWE-20: Improper Input Validation •
CVSS: 7.1EPSS: 0%CPEs: 21EXPL: 2CVE-2005-3981 – Microsoft Windows XP/2000/2003 - CreateRemoteThread Local Denial of Service
https://notcve.org/view.php?id=CVE-2005-3981
04 Dec 2005 — NOTE: this issue has been disputed by third parties. Microsoft Windows XP, 2000, and 2003 allows local users to kill a writable process by using the CreateRemoteThread function with certain arguments on a process that has been opened using the OpenProcess function, possibly involving an invalid address for the start routine. NOTE: followup posts have disputed this issue, saying that if a user already has privileges to write to a process, then other functions could be called or the process could be terminate... • https://www.exploit-db.com/exploits/26690 •
CVSS: 7.8EPSS: 22%CPEs: 9EXPL: 0CVE-2005-3945
https://notcve.org/view.php?id=CVE-2005-3945
01 Dec 2005 — The SynAttackProtect protection in Microsoft Windows 2003 before SP1 and Windows 2000 before SP4 with Update Roll-up uses a hash of predictable data, which allows remote attackers to cause a denial of service (CPU consumption) via a flood of SYN packets that produce identical hash values, which slows down the hash table lookups. • http://www.securityfocus.com/archive/1/417952/100/0/threaded •
CVSS: 6.2EPSS: 60%CPEs: 24EXPL: 1CVE-2005-1218 – Microsoft Windows XP SP2 - 'rdpwd.sys' Remote Kernel Denial of Service
https://notcve.org/view.php?id=CVE-2005-1218
10 Aug 2005 — The Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows XP, and Windows Server 2003 allows remote attackers to cause a denial of service (crash) via crafted Remote Desktop Protocol (RDP) requests. • https://www.exploit-db.com/exploits/1143 •
CVSS: 6.7EPSS: 2%CPEs: 6EXPL: 0CVE-2005-1982
https://notcve.org/view.php?id=CVE-2005-1982
10 Aug 2005 — Unknown vulnerability in the PKINIT Protocol for Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow a local user to obtain information and spoof a server via a man-in-the-middle (MITM) attack between a client and a domain controller when PKINIT smart card authentication is being used. • http://secunia.com/advisories/16368 •
CVSS: 9.8EPSS: 1%CPEs: 34EXPL: 0CVE-2005-2388
https://notcve.org/view.php?id=CVE-2005-2388
27 Jul 2005 — Buffer overflow in a certain USB driver, as used on Microsoft Windows, allows attackers to execute arbitrary code. Desbordamiento de búfer en cierto driver USB, usado en Windows, permite que atacantes ejecuten código arbitrario. • http://secunia.com/advisories/16210 •
CVSS: 7.5EPSS: 51%CPEs: 4EXPL: 0CVE-2005-1205
https://notcve.org/view.php?id=CVE-2005-1205
14 Jun 2005 — The Telnet client for Microsoft Windows XP, Windows Server 2003, and Windows Services for UNIX allows remote attackers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command. • http://idefense.com/application/poi/display?id=260&type=vulnerabilities •
CVSS: 10.0EPSS: 51%CPEs: 37EXPL: 0CVE-2005-1208
https://notcve.org/view.php?id=CVE-2005-1208
14 Jun 2005 — Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via a crafted compiled Help (.CHM) file with a large size field that triggers a heap-based buffer overflow, as demonstrated using a "ms-its:" URL in Internet Explorer. • http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0062.html •
CVSS: 9.8EPSS: 44%CPEs: 49EXPL: 0CVE-2005-1212
https://notcve.org/view.php?id=CVE-2005-1212
14 Jun 2005 — Buffer overflow in Microsoft Step-by-Step Interactive Training (orun32.exe) allows remote attackers to execute arbitrary code via a bookmark link file (.cbo, cbl, or .cbm extension) with a long User field. El desbordamiento de búfer en Microsoft Step-by-Step Interactive Training (orun32.exe) permite a los atacantes remotos ejecutar código arbitrario a través de un archivo de enlace de marcadores (extensión.cbo, cbl o.cbm) con un campo de usuario largo. • http://idefense.com/application/poi/display?id=262&type=vulnerabilities&flashstatus=true •