CVSS: 10.0EPSS: 23%CPEs: 18EXPL: 0CVE-2009-0568
https://notcve.org/view.php?id=CVE-2009-0568
The RPC Marshalling Engine (aka NDR) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly maintain its internal state, which allows remote attackers to overwrite arbitrary memory locations via a crafted RPC message that triggers incorrect pointer reading, related to "IDL interfaces containing a non-conformant varying array" and FC_SMVARRAY, FC_LGVARRAY, FC_VARIABLE_REPEAT, and FC_VARIABLE_OFFSET, aka "RPC Marshalling Engine Vulnerability." El motor RPC Marshalling (también conocido como NDR) en Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP2, Vista Gold, SP1, y SP2, y Server 2008 SP2 no mantiene de forma adecuada su estado interno, lo que permite a atacantes remotos sobrescribir posiciones de memoria de su elección a través de un mensaje RPC manipulado que provoca una lectura de puntero incorrecta, relativo a "Interfaces IDL que contienen una tabla variable no conforme" y FC_SMVARRAY, FC_LGVARRAY, FC_VARIABLE_REPEAT, y FC_VARIABLE_OFFSET, tambien conocido como "Vulnerabilidad dl motor RPC Marshalling" • http://blogs.technet.com/srd/archive/2009/06/09/ms09-026-how-a-developer-can-know-if-their-rpc-interface-is-affected.aspx http://osvdb.org/54936 http://www.securityfocus.com/bid/35219 http://www.securitytracker.com/id?1022357 http://www.us-cert.gov/cas/techalerts/TA09-160A.html http://www.vupen.com/english/advisories/2009/1545 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-026 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mit • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.0EPSS: 0%CPEs: 17EXPL: 0CVE-2009-0230
https://notcve.org/view.php?id=CVE-2009-0230
The Windows Print Spooler in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows remote authenticated users to gain privileges via a crafted RPC message that triggers loading of a DLL file from an arbitrary directory, aka "Print Spooler Load Library Vulnerability." La cola de impresión de Windows en Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, y SP2, y Server 2008 SP2 permite a usuraio autenticados remotamente obtener privilegios a través de un mensaje RCP manipulado que lanza la carga de un archivo DLL desde un directorio de su elección, también conocido como "Vulnerabilidad en la carga librería de la cola de impresión". • http://osvdb.org/54934 http://secunia.com/advisories/35365 http://support.avaya.com/elmodocs2/security/ASA-2009-217.htm http://www.securityfocus.com/bid/35209 http://www.securitytracker.com/id?1022352 http://www.us-cert.gov/cas/techalerts/TA09-160A.html http://www.vupen.com/english/advisories/2009/1541 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-022 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6287 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 11%CPEs: 53EXPL: 0CVE-2008-3009
https://notcve.org/view.php?id=CVE-2008-3009
Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name (SPN) identifier when validating replies to authentication requests, which allows remote servers to execute arbitrary code via vectors that employ NTLM credential reflection, aka "SPN Vulnerability." Microsoft Windows Media Player v6.4, Windows Media Format Runtime v7.1 a v11, y Windows Media Services v4.1, v9, y 2008 no usan apropiadamente el identificador Service Principal Name (SPN) al validar respuestas a peticiones de autenticación, lo que permite a servidores remotos ejecutar código de su elección mediante vectores que emplean reflexión de credenciales NTLM, alias "Vulnerabilidad SPN". • http://secunia.com/advisories/33058 http://www.securityfocus.com/bid/32653 http://www.securitytracker.com/id?1021372 http://www.securitytracker.com/id?1021373 http://www.us-cert.gov/cas/techalerts/TA08-344A.html http://www.vupen.com/english/advisories/2008/3388 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-076 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5942 • CWE-255: Credentials Management Errors •
CVSS: 9.3EPSS: 95%CPEs: 11EXPL: 2CVE-2008-3008 – Microsoft Windows Media Encoder 9 - 'wmex.dll' ActiveX Buffer Overflow (MS08-053)
https://notcve.org/view.php?id=CVE-2008-3008
Stack-based buffer overflow in the WMEncProfileManager ActiveX control in wmex.dll in Microsoft Windows Media Encoder 9 Series allows remote attackers to execute arbitrary code via a long first argument to the GetDetailsString method, aka "Windows Media Encoder Buffer Overrun Vulnerability." Desbordamiento de búfer basado en pila en el control WMEncProfileManager ActiveX en wmex.dll en Microsoft Windows Media Encoder 9 Series permite a atacantes remotos ejecutar un código arbitrario a través de un primer argumento largo en el método GetDetailsString, también conocido como "Windows Media Encoder Buffer Overrun Vulnerability". • https://www.exploit-db.com/exploits/16521 https://www.exploit-db.com/exploits/6454 http://marc.info/?l=bugtraq&m=122235754013992&w=2 http://www.kb.cert.org/vuls/id/996227 http://www.securityfocus.com/bid/31065 http://www.securitytracker.com/id?1020832 http://www.us-cert.gov/cas/techalerts/TA08-253A.html http://www.vupen.com/english/advisories/2008/2521 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-053 https://oval.cisecurity.org/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 62%CPEs: 22EXPL: 0CVE-2008-3014
https://notcve.org/view.php?id=CVE-2008-3014
Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed WMF image file that triggers improper memory allocation, aka "GDI+ WMF Buffer Overrun Vulnerability." Desbordamiento de búfer en gdiplus.dll en GDI+ en Microsoft Internet Explorer 6 SP1, Windows XP SP2 y SP3, Server 2003 SP1 y SP2, Vista Gold y SP1, Server 2008, Office XP SP3, Office 2003 SP2 y SP3, 2007 Microsoft Office System Gold y SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 y 2008, y Forefront Client Security 1.0, permite a atacantes remotos ejecutar código de su elección a través de un archivo de imagen WMF que lanza una asignación de memoria inadecuada, también conocida como "Vulnerabilidad GDI+ WMF Buffer Overrun". • http://marc.info/?l=bugtraq&m=122235754013992&w=2 http://secunia.com/advisories/32154 http://www.securityfocus.com/bid/31021 http://www.securitytracker.com/id?1020837 http://www.us-cert.gov/cas/techalerts/TA08-253A.html http://www.vupen.com/english/advisories/2008/2520 http://www.vupen.com/english/advisories/2008/2696 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval% • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •