CVE-2013-0109 – Nvidia (nvsvc) Display Driver Service - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2013-0109
The NVIDIA driver before 307.78, and Release 310 before 311.00, in the NVIDIA Display Driver service on Windows does not properly handle exceptions, which allows local users to gain privileges or cause a denial of service (memory overwrite) via a crafted application.
• https://www.exploit-db.com/exploits/30393 http://www.kb.cert.org/vuls/id/957036 http://www.nvidia.com/object/product-security.html
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-0002 – Microsoft Remote Desktop Protocol Channel Abort Condition Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-0002
The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability." ... This condition can cause the driver to abort a connection and part of the logic of the abort is to free an object associated with it. ... The second time this object is freed, the driver will fetch a virtual pointer from the freed object and call it. This can lead to code execution under the context of the driver.
• https://www.exploit-db.com/exploits/18606 https://github.com/zhangkaibin0921/MS12-020-CVE-2012-0002 http://blogs.quickheal.com/remote-desktop-protocol-vulnerability-cve-2012-0002-not-dead-yet http://www.securitytracker.com/id?1026790 http://www.us-cert.gov/cas/techalerts/TA12-073A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-020 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14623
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2011-2005 – Microsoft Ancillary Function Driver (afd.sys) Improper Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2011-2005
afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability." afd.sys in the Ancillary Function Driver in Microsoft Windows does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application.
• https://www.exploit-db.com/exploits/21844 https://www.exploit-db.com/exploits/18176 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-080 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13114
CVE-2011-1974 – Microsoft Windows (x86) - 'NDISTAPI' Local Privilege Escalation (MS11-062)
https://notcve.org/view.php?id=CVE-2011-1974
NDISTAPI.sys in the NDISTAPI driver in Remote Access Service (RAS) in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "NDISTAPI Elevation of Privilege Vulnerability."
• https://www.exploit-db.com/exploits/40627 http://www.securityfocus.com/bid/48996 http://www.us-cert.gov/cas/techalerts/TA11-221A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-062 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12912
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2011-2602
https://notcve.org/view.php?id=CVE-2011-2602
The NVIDIA Geforce 310 driver 6.14.12.7061 on Windows XP SP3 allows remote attackers to cause a denial of service (system crash) via a crafted web page that is visited with Google Chrome or Mozilla Firefox, as demonstrated by the lots-of-polys-example.html test page in the Khronos WebGL SDK.
• http://www.contextis.com/resources/blog/webgl http://www.contextis.com/resources/blog/webgl2 http://www.securityfocus.com/bid/48319
• CWE-399: Resource Management Errors