CVE-2008-3472
https://notcve.org/view.php?id=CVE-2008-3472
Microsoft Internet Explorer 6 and 7 do not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy, and execute arbitrary code or obtain sensitive information, via a crafted HTML document, aka "HTML Element Cross-Domain Vulnerability."
• References:
  http://marc.info/?l=bugtraq&m=122479227205998&w=2
  http://www.securityfocus.com/bid/31615
  http://www.securityfocus.com/bid/31654
  http://www.securitytracker.com/id?1021047
  http://www.us-cert.gov/cas/techalerts/TA08-288A.html
  http://www.vupen.com/english/advisories/2008/2809
  https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-058
  https://exchange.xforce.ibmcloud.com/vulnerabilities/45558
  https://exchange.xforce.ibmcloud.com/vulnerabilities/45565
  https://oval&
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2008-3479
https://notcve.org/view.php?id=CVE-2008-3479
Heap-based buffer overflow in the Microsoft Message Queuing (MSMQ) service (mqsvc.exe) in Microsoft Windows 2000 SP4 allows remote attackers to read memory contents and execute arbitrary code via a crafted RPC call, related to improper processing of parameters to string APIs, aka "Message Queuing Service Remote Code Execution Vulnerability."
• References:
  http://dvlabs.tippingpoint.com/advisory/TPTI-08-07
  http://marc.info/?l=bugtraq&m=122479227205998&w=2
  http://secunia.com/advisories/32260
  http://www.securityfocus.com/bid/31637
  http://www.securitytracker.com/id?1021052
  http://www.us-cert.gov/cas/techalerts/TA08-288A.html
  http://www.vupen.com/english/advisories/2008/2816
  https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-065
  https://exchange.xforce.ibmcloud.com/vulnerabilities/45537
  https://exchange.xfo
• CWE-20: Improper Input Validation
CVE-2008-4023
https://notcve.org/view.php?id=CVE-2008-4023
Active Directory in Microsoft Windows 2000 SP4 does not properly allocate memory for (1) LDAP and (2) LDAPS requests, which allows remote attackers to execute arbitrary code via a crafted request, aka "Active Directory Overflow Vulnerability."
• References:
  http://marc.info/?l=bugtraq&m=122479227205998&w=2
  http://secunia.com/advisories/32242
  http://www.securityfocus.com/bid/31609
  http://www.securitytracker.com/id?1021042
  http://www.us-cert.gov/cas/techalerts/TA08-288A.html
  http://www.vupen.com/english/advisories/2008/2811
  https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-060
  https://exchange.xforce.ibmcloud.com/vulnerabilities/45585
  https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval&
• CWE-399: Resource Management Errors
CVE-2008-3473
https://notcve.org/view.php?id=CVE-2008-3473
Microsoft Internet Explorer 6 and 7 do not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy, and execute arbitrary code or obtain sensitive information, via a crafted HTML document, aka "Event Handling Cross-Domain Vulnerability."
• References:
  http://marc.info/?l=bugtraq&m=122479227205998&w=2
  http://www.securityfocus.com/bid/31616
  http://www.securitytracker.com/id?1021047
  http://www.us-cert.gov/cas/techalerts/TA08-288A.html
  http://www.vupen.com/english/advisories/2008/2809
  https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-058
  https://exchange.xforce.ibmcloud.com/vulnerabilities/45562
  https://exchange.xforce.ibmcloud.com/vulnerabilities/45565
  https://oval.cisecurity.org/repository/search/definition/ova
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2008-3477
https://notcve.org/view.php?id=CVE-2008-3477
Microsoft Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3 do not properly validate data in the VBA Performance Cache when processing an Office document with an embedded object, which allows remote attackers to execute arbitrary code via an Excel file containing a crafted value, leading to heap-based buffer overflows, integer overflows, array index errors, and memory corruption, aka "Calendar Object Validation Vulnerability."
• References:
  http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=746
  http://marc.info/?l=bugtraq&m=122479227205998&w=2
  http://secunia.com/advisories/32211
  http://www.securityfocus.com/bid/31702
  http://www.securitytracker.com/id?1021044
  http://www.us-cert.gov/cas/techalerts/TA08-288A.html
  http://www.vupen.com/english/advisories/2008/2808
  https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-057
  https://exchange.xforce.ibmcloud.com/vulnerabilities/45566
  https
• CWE-399: Resource Management Errors