CVSS: 9.3EPSS: 70%CPEs: 17EXPL: 0CVE-2008-2249
https://notcve.org/view.php?id=CVE-2008-2249
10 Dec 2008 — Integer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a malformed header in a crafted WMF file, which triggers a buffer overflow, aka "GDI Integer Overflow Vulnerability." Desbordamiento de entero en GDI en Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP1 y SP2, Vista Gold y SP1, y Server 2008 permite a atacantes remotos ejecutar código de su elección mediante una cabe... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=762 • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 41%CPEs: 53EXPL: 0CVE-2008-3009
https://notcve.org/view.php?id=CVE-2008-3009
10 Dec 2008 — Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name (SPN) identifier when validating replies to authentication requests, which allows remote servers to execute arbitrary code via vectors that employ NTLM credential reflection, aka "SPN Vulnerability." Microsoft Windows Media Player v6.4, Windows Media Format Runtime v7.1 a v11, y Windows Media Services v4.1, v9, y 2008 no usan apropiadamen... • http://secunia.com/advisories/33058 • CWE-255: Credentials Management Errors •
CVSS: 9.8EPSS: 42%CPEs: 17EXPL: 0CVE-2008-3465
https://notcve.org/view.php?id=CVE-2008-3465
10 Dec 2008 — Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows context-dependent attackers to cause a denial of service or execute arbitrary code via a WMF file with a malformed file-size parameter, which would not be properly handled by a third-party application that uses this API for a copy operation, aka "GDI Heap Overflow Vulnerability." Desbordamiento de búfer basado en montículo en una API en GDI en Microso... • http://www.securitytracker.com/id?1021365 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 1%CPEs: 2EXPL: 4CVE-2008-5229 – Microsoft Windows Vista - 'iphlpapi.dll' Local Kernel Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-5229
25 Nov 2008 — Stack-based buffer overflow in Microsoft Device IO Control in iphlpapi.dll in Microsoft Windows Vista Gold and SP1 allows local users in the Network Configuration Operator group to gain privileges or cause a denial of service (system crash) via a large invalid PrefixLength to the CreateIpForwardEntry2 method, as demonstrated by a "route add" command. NOTE: this issue might not cross privilege boundaries. Un desbordamiento de búfer en la región stack de la memoria en Device IO Control de Microsoft en la bibl... • https://www.exploit-db.com/exploits/32590 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.1EPSS: 82%CPEs: 16EXPL: 5CVE-2008-4114 – Microsoft Windows - 'WRITE_ANDX' SMB Command Handling Kernel Denial of Service
https://notcve.org/view.php?id=CVE-2008-4114
16 Sep 2008 — srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via an SMB WRITE_ANDX packet with an offset that is inconsistent with the packet size, related to "insufficiently validating the buffer size," as demonstrated by a request to the \PIPE\lsarpc named pipe, aka "SMB Validation Denial of Service Vulnerability." SRV.sy... • https://packetstorm.news/files/id/180565 • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 2%CPEs: 14EXPL: 3CVE-2007-1212 – Microsoft Windows - GDI Privilege Escalation (MS07-017)
https://notcve.org/view.php?id=CVE-2007-1212
04 Apr 2007 — Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local users to gain privileges via a crafted Enhanced Metafile (EMF) image format file. Desbordamiento de búfer en el Graphics Device Interface (GDI) en Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, y SP2; y Vista permite a usuarios locales ganar privilegios a través de archivos de imágenes con formato Enhanced Metafile(EMF). • https://www.exploit-db.com/exploits/3688 •
CVSS: 7.8EPSS: 2%CPEs: 14EXPL: 3CVE-2007-1215 – Microsoft Windows - GDI Privilege Escalation (MS07-017)
https://notcve.org/view.php?id=CVE-2007-1215
04 Apr 2007 — Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local users to gain privileges via certain "color-related parameters" in crafted images. Desbordamiento de búfer en el Graphics Device Interface (GDI) del Microsoft Windows 2000 SP4, XP SP2, Server 2003 Gold, SP1, y SP2 y en el Vista permite a usuarios locales obtener privilegios mediante ciertos "parámetros de colores relacionados" en imágenes manipuladas. • https://www.exploit-db.com/exploits/3688 •
CVSS: 9.3EPSS: 90%CPEs: 14EXPL: 16CVE-2007-0038 – Microsoft Windows Explorer - '.ANI' File Denial of Service
https://notcve.org/view.php?id=CVE-2007-0038
30 Mar 2007 — Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) anih block of a RIFF .ANI, cur, or .ico file, which results in memory corruption when processing cursors, animated cursors, and icons, a variant of CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this might be a duplicate of CVE-2... • https://www.exploit-db.com/exploits/3684 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 25%CPEs: 13EXPL: 1CVE-2006-7031 – Microsoft Internet Explorer 6.0.2900 SP2 - CSS Attribute Denial of Service
https://notcve.org/view.php?id=CVE-2006-7031
23 Feb 2007 — Microsoft Internet Explorer 6.0.2900 SP2 and earlier allows remote attackers to cause a denial of service (crash) via a table element with a CSS attribute that sets the position, which triggers an "unhandled exception" in mshtml.dll. Microsoft Internet Explorer 6.0.2900 SP2 y versiones anteriores permite a atacantes remotos provocar una denegación de servicio (caída) mediante un elemento tabla con un atributo CSS que fija la posición, lo cual dispara una "excepción no manejada" en mshtml.dll. • https://www.exploit-db.com/exploits/1775 •