CVSS: 7.5EPSS: 70%CPEs: 3EXPL: 0CVE-2007-1692
https://notcve.org/view.php?id=CVE-2007-1692
The default configuration of Microsoft Windows uses the Web Proxy Autodiscovery Protocol (WPAD) without static WPAD entries, which might allow remote attackers to intercept web traffic by registering a proxy server using WINS or DNS, then responding to WPAD requests, as demonstrated using Internet Explorer. NOTE: it could be argued that if an attacker already has control over WINS/DNS, then web traffic could already be intercepted by modifying WINS or DNS records, so this would not cross privilege boundaries and would not be a vulnerability. It has also been reported that DHCP is an alternate attack vector. La configuración predeterminada de Microsoft Windows usa el Web Proxy Autodiscovery Protocol (WPAD) sin entradas WPAD estáticas, lo que podría permitir a atacantes remotos interceptar el tráfico web mediante el registro de un servidor proxy usando WINS o DNS y, a continuación, responder a peticiones WPAD, como es demostrado por Internet Explorer. NOTA: se podría argumentar que si un atacante ya tiene control sobre WINS/DNS, entonces el tráfico web ya podría ser interceptado mediante la modificación de registros WINS o DNS, por lo que esto no cruzaría los límites de privilegios y no sería una vulnerabilidad. • http://archives.neohapsis.com/archives/isn/2007-q1/0418.html http://isc.sans.org/diary.html?storyid=2517 http://news.com.com/Windows+weakness+can+lead+to+network+traffic+hijacks/2100-1002_3-6170229.html http://support.microsoft.com/kb/934864 http://www.vupen.com/english/advisories/2007/1115 https://exchange.xforce.ibmcloud.com/vulnerabilities/33244 • CWE-16: Configuration •
CVSS: 9.3EPSS: 88%CPEs: 10EXPL: 0CVE-2006-1311
https://notcve.org/view.php?id=CVE-2006-1311
The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1; Office 2000 SP3, XP SP3, 2003 SP2, and Office 2004 for Mac; and Learning Essentials for Microsoft Office 1.0, 1.1, and 1.5 allows user-assisted remote attackers to execute arbitrary code via a malformed OLE object in an RTF file, which triggers memory corruption. El componente RichEdit en Microsoft Windows 2000 SP4, XP SP2, y 2003 SP1; Office 2000 SP3, XP SP3, 2003 SP2, y Office 2004 para Mac; y Learning Essentials para Microsoft Office 1.0, 1.1, y 1.5 permite a atacantes remotos con la complicidad del usuario ejecutar código de su elección mediante un objeto OLE mal formado en un fichero RTF, lo cual provoca una corrupción de memoria. • http://secunia.com/advisories/24152 http://www.kb.cert.org/vuls/id/368132 http://www.osvdb.org/31886 http://www.securityfocus.com/bid/21876 http://www.securitytracker.com/id?1017640 http://www.securitytracker.com/id?1017641 http://www.us-cert.gov/cas/techalerts/TA07-044A.html http://www.vupen.com/english/advisories/2007/0582 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-013 https://exchange.xforce.ibmcloud.com/vulnerabilities/30592 https:/ •
CVSS: 9.3EPSS: 61%CPEs: 6EXPL: 0CVE-2007-0025
https://notcve.org/view.php?id=CVE-2007-0025
The MFC component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 and Visual Studio .NET 2000, 2002 SP1, 2003, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption. NOTE: this might be due to a stack-based buffer overflow in the AfxOleSetEditMenu function in MFC42u.dll. El componente MFC en Microsoft Windows 2000 SP4, XP SP2 y 2003 SP1 y Visual Studio .NET 2000, 2002 SP1, 2003 y 2003 SP1 permite a atacantes remotos asistidos por usuario ejecutar código arbitrario a través de un archivo RTF con un objeto OLE mal formado que desencadena corrupción de memoria. NOTA: esto podría ser debido a un desbordamiento de buffer basado en pila en la función AfxOleSetEditMenu en MFC42u.dll. • http://secunia.com/advisories/24150 http://www.kb.cert.org/vuls/id/932041 http://www.osvdb.org/31887 http://www.securityfocus.com/bid/22476 http://www.securitytracker.com/id?1017638 http://www.us-cert.gov/cas/techalerts/TA07-044A.html http://www.vupen.com/english/advisories/2007/0581 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-012 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A157 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 66%CPEs: 8EXPL: 0CVE-2007-0214
https://notcve.org/view.php?id=CVE-2007-0214
The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2 and Professional, 2003 SP1 allows remote attackers to execute arbitrary code via unspecified functions, related to uninitialized parameters. El control HTML Help ActiveX (Hhctrl.ocx) en Microsoft Windows 2000 SP3, XP SP2 y Professional, 2003 SP1 permite a atacantes remotos ejecutar código de su elección mediante funciones no especificadas, relacionado con parámetros no inicializados. • http://secunia.com/advisories/24136 http://www.kb.cert.org/vuls/id/563756 http://www.osvdb.org/31884 http://www.securityfocus.com/bid/22478 http://www.securitytracker.com/id?1017635 http://www.us-cert.gov/cas/techalerts/TA07-044A.html http://www.vupen.com/english/advisories/2007/0577 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-008 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A125 •
CVSS: 10.0EPSS: 90%CPEs: 3EXPL: 0CVE-2006-5583
https://notcve.org/view.php?id=CVE-2006-5583
Buffer overflow in the SNMP Service in Microsoft Windows 2000 SP4, XP SP2, Server 2003, Server 2003 SP1, and possibly other versions allows remote attackers to execute arbitrary code via a crafted SNMP packet, aka "SNMP Memory Corruption Vulnerability." Desbordamiento de búfer en el SNMP Service de Microsoft Windows 2000 SP4, XP SP2, Server 2003, Server 2003 SP1 y, posiblemente, otras versiones, permite a atacantes remotos ejecutar código de su elección a través de paquetes SNMP modificados, también conocido como "Vulnerabilidad de corrupción de memoria SNMP". • http://secunia.com/advisories/23307 http://securitytracker.com/id?1017371 http://www.kb.cert.org/vuls/id/901584 http://www.securityfocus.com/archive/1/454969/100/200/threaded http://www.securityfocus.com/bid/21537 http://www.us-cert.gov/cas/techalerts/TA06-346A.html http://www.vupen.com/english/advisories/2006/4967 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-074 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3A •