CVSS: 8.4EPSS: 51%CPEs: 55EXPL: 3CVE-2005-0416 – Microsoft Internet Explorer - '.ANI' Downloader (MS05-002)
https://notcve.org/view.php?id=CVE-2005-0416
14 Feb 2005 — The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allows remote attackers to execute arbitrary code via the AnimationHeaderBlock length field, which leads to a stack-based buffer overflow. La capacidad de Cursor Animado de Windows (archivos .ANI) de Windows NT, Windows 2000 hasta SP4, Windows XP hasta SP1, y Windows 2003 permite a atacantes remotos ejecutar código de su elección mediante el campo de longitud AnimationHeaderBlock, l... • https://www.exploit-db.com/exploits/771 •
CVSS: 9.8EPSS: 37%CPEs: 25EXPL: 0CVE-2005-0044
https://notcve.org/view.php?id=CVE-2005-0044
08 Feb 2005 — The OLE component in Windows 98, 2000, XP, and Server 2003, and Exchange Server 5.0 through 2003, does not properly validate the lengths of messages for certain OLE data, which allows remote attackers to execute arbitrary code, aka the "Input Validation Vulnerability." • http://www.kb.cert.org/vuls/id/927889 •
CVSS: 9.8EPSS: 69%CPEs: 35EXPL: 2CVE-2005-0053 – Microsoft Internet Explorer 5.x - Valid File Drag and Drop Embedded Code (MS04-038)
https://notcve.org/view.php?id=CVE-2005-0053
08 Feb 2005 — Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability." Internet Explorer 5.01, 5.5 y 6 permite a los atacantes remotos ejecutar código arbitrario mediante eventos de arrastrar y soltar, también conocidos como "Vulnerabilidad de arrastrar y soltar". • https://www.exploit-db.com/exploits/24693 •
CVSS: 9.8EPSS: 47%CPEs: 24EXPL: 0CVE-2005-0057
https://notcve.org/view.php?id=CVE-2005-0057
08 Feb 2005 — The Hyperlink Object Library for Windows 98, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a crafted link that triggers an "unchecked buffer" in the library, possibly due to a buffer overflow. La biblioteca de objetos Hyperlink para Windows 98, 2000, XP y Server 2003 permite a los atacantes remotos ejecutar código arbitrario a través de un enlace diseñado que activa un "buffer no controlado" en la biblioteca, posiblemente debido a un desbordamiento del buffer. • http://secunia.com/advisories/14195 •
CVSS: 6.2EPSS: 62%CPEs: 67EXPL: 1CVE-2004-1305 – Microsoft Windows Kernel - '.ANI' File Parsing Crash
https://notcve.org/view.php?id=CVE-2004-1305
23 Dec 2004 — The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allow remote attackers to cause a denial of service via (1) the frame number set to zero, which causes an invalid memory address to be used and leads to a kernel crash, or (2) the rate number set to zero, which leads to resource exhaustion and hang. • https://www.exploit-db.com/exploits/721 •
CVSS: 10.0EPSS: 23%CPEs: 51EXPL: 0CVE-2004-0571
https://notcve.org/view.php?id=CVE-2004-0571
15 Dec 2004 — Microsoft Word for Windows 6.0 Converter does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Table Conversion Vulnerability," a different vulnerability than CVE-2004-0901. El Convertidor de Microsoft Word para Windows 6.0 no valida adecuadamente ciertas longitudes de datos, lo que permite a atacantes remotos ejecutar código arbitrario mediante ficheros .wri, .rtf y .doc enviado por ... • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-041 •
CVSS: 10.0EPSS: 26%CPEs: 51EXPL: 0CVE-2004-0901
https://notcve.org/view.php?id=CVE-2004-0901
15 Dec 2004 — Microsoft Word for Windows 6.0 Converter (MSWRD632.WPC), as used in WordPad, does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Font Conversion Vulnerability," a different vulnerability than CVE-2004-0571. El Convertidor de Microsoft Word para Windows 6.0 no valida adecuadamente ciertas longitudes de datos, lo que permite a atacantes remotos ejecutar código de su elección mediante ... • http://www.ciac.org/ciac/bulletins/p-055.shtml •
CVSS: 8.1EPSS: 34%CPEs: 27EXPL: 2CVE-2004-1319
https://notcve.org/view.php?id=CVE-2004-1319
15 Dec 2004 — The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by "AbusiveParent" in Internet Explorer 6.0.2900.2180. • http://archives.neohapsis.com/archives/bugtraq/2004-12/0167.html •
CVSS: 10.0EPSS: 49%CPEs: 22EXPL: 0CVE-2004-0978
https://notcve.org/view.php?id=CVE-2004-0978
21 Oct 2004 — Heap-based buffer overflow in the Hrtbeat.ocx (Heartbeat) ActiveX control for Internet Explorer 5.01 through 6, when users who visit online gaming sites that are associated with MSN, allows remote attackers to execute arbitrary code via the SetupData parameter. • http://marc.info/?l=bugtraq&m=110616221411579&w=2 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 74%CPEs: 5EXPL: 1CVE-2004-0214 – Microsoft Windows XP/2000/NT 4.0 - Shell Long Share Name Buffer Overrun
https://notcve.org/view.php?id=CVE-2004-0214
16 Oct 2004 — Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba. Desbordamiento de búfer en Microsoft Internet Explorer y Explorador de Windows XP SP1, 2000, 98 y Me puede permitir a usuarios remotos maliciosos causar una denegación de servicio (caída de aplicación) y posiblemente ejec... • https://www.exploit-db.com/exploits/24051 •