CVSS: 10.0 | EPSS: 58% | CPEs: 7 | EXPL: 0

Heap-based buffer overflow in Object Linking and Embedding (OLE) Automation in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, Office 2004 for Mac, and Visual Basic 6.0 SP6 allows remote attackers to execute arbitrary code via a crafted script request.

• http://marc.info/?l=bugtraq&m=120361015026386&w=2
• http://secunia.com/advisories/28902
• http://www.securityfocus.com/bid/27661
• http://www.securitytracker.com/id?1019373
• http://www.us-cert.gov/cas/techalerts/TA08-043C.html
• http://www.vupen.com/english/advisories/2008/0510/references
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-008
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5388
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 6.8 | EPSS: 94% | CPEs: 5 | EXPL: 0

Unspecified vulnerability in Active Directory on Microsoft Windows 2000 and Windows Server 2003, and Active Directory Application Mode (ADAM) on XP and Server 2003, allows remote attackers to cause a denial of service (hang and restart) via a crafted LDAP request.

• http://marc.info/?l=bugtraq&m=120361015026386&w=2
• http://secunia.com/advisories/28764
• http://www.securityfocus.com/bid/27638
• http://www.securitytracker.com/id?1019382
• http://www.us-cert.gov/cas/techalerts/TA08-043C.html
• http://www.vupen.com/english/advisories/2008/0505/references
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-003
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5181
• CWE-20: Improper Input Validation

CVSS: 7.2 | EPSS: 0% | CPEs: 4 | EXPL: 0

Unspecified vulnerability in Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows local users to gain privileges via a crafted local procedure call (LPC) request.

• http://secunia.com/advisories/28341
• http://securitytracker.com/id?1019165
• http://www.kb.cert.org/vuls/id/410025
• http://www.securityfocus.com/archive/1/486317/100/0/threaded
• http://www.securityfocus.com/bid/27099
• http://www.us-cert.gov/cas/techalerts/TA08-008A.html
• http://www.vupen.com/english/advisories/2008/0070
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-002
• https://exchange.xforce.ibmcloud.com/vulnerabilities/39233
• https://oval.cisecurity&
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 5.8 | EPSS: 19% | CPEs: 21 | EXPL: 0

The Web Proxy Auto-Discovery (WPAD) feature in Microsoft Internet Explorer 6 and 7, when a primary DNS suffix with three or more components is configured, resolves an unqualified wpad hostname in a second-level domain outside this configured DNS domain, which allows remote WPAD servers to conduct man-in-the-middle (MITM) attacks.

• http://secunia.com/advisories/27901
• http://support.microsoft.com/kb/945713
• http://www.microsoft.com/technet/security/advisory/945713.mspx
• http://www.securityfocus.com/bid/26686
• http://www.securitytracker.com/id?1019033
• http://www.vupen.com/english/advisories/2007/4064

CVSS: 9.3 | EPSS: 71% | CPEs: 10 | EXPL: 0

Unspecified vulnerability in the Win32 API on Microsoft Windows 2000, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via certain parameters to an unspecified function.

• http://osvdb.org/35341
• http://secunia.com/advisories/25640
• http://www.kb.cert.org/vuls/id/457281
• http://www.securityfocus.com/archive/1/471947/100/0/threaded
• http://www.securityfocus.com/bid/24370
• http://www.securitytracker.com/id?1018230
• http://www.us-cert.gov/cas/techalerts/TA07-163A.html
• http://www.vupen.com/english/advisories/2007/2155
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-035
• https://oval.cisecurity.org/repository/search/