CVE-2006-6133 – Business Objects Crystal Reports XI Professional - File Handling Buffer Overflow
https://notcve.org/view.php?id=CVE-2006-6133
Stack-based buffer overflow in Visual Studio Crystal Reports for Microsoft Visual Studio .NET 2002 and 2002 SP1, .NET 2003 and 2003 SP1, and 2005 and 2005 SP1 (formerly Business Objects Crystal Reports XI Professional) allows user-assisted remote attackers to execute arbitrary code via a crafted RPT file. Desbordamiento de búfer basado en pila en Visual Studio Crystal Reports para Microsoft Visual Studio .NET 2002 y 2002 SP1; .NET 2003 y 2003 SP1; y 2005 y 2005 SP1 (anteriormente Business Objects Crystal Reports XI Professional) permite a atacantes remotos con la ayuda del usuario, ejecutar código de su elección mediante un fichero RPT manipulado. • https://www.exploit-db.com/exploits/29171 http://secunia.com/advisories/23091 http://secunia.com/advisories/26754 http://securitytracker.com/id?1017279 http://www.lssec.com/advisories/LS-20061102.pdf http://www.securityfocus.com/archive/1/452464/100/0/threaded http://www.securityfocus.com/bid/21261 http://www.us-cert.gov/cas/techalerts/TA07-254A.html http://www.vupen.com/english/advisories/2006/4691 http://www.vupen.com/english/advisories/2007/3114 https://docs. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2006-4704 – Microsoft Visual Studio WmiScriptUtils.dll Cross-Zone Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2006-4704
Cross-zone scripting vulnerability in the WMI Object Broker (WMIScriptUtils.WMIObjectBroker2) ActiveX control (WmiScriptUtils.dll) in Microsoft Visual Studio 2005 allows remote attackers to bypass Internet zone restrictions and execute arbitrary code by instantiating dangerous objects, aka "WMI Object Broker Vulnerability." Vulnerabilidad de secuencias de comandos en zonas cruzadas en el Control ActiveX (WmiScriptUtils.dll) del WMI Object Broker (WMIScriptUtils.WMIObjectBroker2) en el Microsoft Visual Studio 2005 permite atacantes remotos evitar las restricciones de la zona de Internet y ejecutar código de su elección instanciando objetos peligrosos, también conocido como "Vulnerabilidad WMI Object Broker". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. Successful exploitation requires that the target user browse to a malicious web page. The specific flaw exists in the Microsoft WMIScriptUtils.WMIObjectBroker2 ActiveX control which is bundled with Visual Studio 2005. An attacker can utilize this control to bypass Internet zone security restrictions and instantiate other dangerous objects that can be leveraged to result in arbitrary code execution. • https://www.exploit-db.com/exploits/16561 http://blogs.technet.com/msrc/archive/2006/11/01/microsoft-security-advisory-927709-posted.aspx http://research.eeye.com/html/alerts/zeroday/20061031.html http://secunia.com/advisories/22603 http://securitytracker.com/id?1017142 http://www.kb.cert.org/vuls/id/854856 http://www.microsoft.com/technet/security/advisory/927709.mspx http://www.securityfocus.com/archive/1/454201/100/0/threaded http://www.securityfocus.com/archive/1/454969/ •
CVE-2006-0187 – Microsoft Visual Studio - UserControl Remote Code Execution
https://notcve.org/view.php?id=CVE-2006-0187
By design, Microsoft Visual Studio 2005 automatically executes code in the Load event of a user-defined control (UserControl1_Load function), which allows user-assisted attackers to execute arbitrary code by tricking the user into opening a malicious Visual Studio project file. • https://www.exploit-db.com/exploits/27073 https://www.exploit-db.com/exploits/27072 http://secunia.com/advisories/18409 http://www.securityfocus.com/archive/1/421943/100/0/threaded http://www.securityfocus.com/bid/16225 http://www.vupen.com/english/advisories/2006/0151 https://exchange.xforce.ibmcloud.com/vulnerabilities/24116 •