CVSS: 7.1EPSS: 37%CPEs: 14EXPL: 0CVE-2014-0266
https://notcve.org/view.php?id=CVE-2014-0266
12 Feb 2014 — The XMLHTTP ActiveX controls in XML Core Services 3.0 in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to bypass the Same Origin Policy via a web page that is visited in Internet Explorer, aka "MSXML Information Disclosure Vulnerability." Los controles ActiveX XMLHTTP en XML Core Services 3.0 en Microsoft Windows XP SP2... • http://osvdb.org/103189 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 70%CPEs: 24EXPL: 7CVE-2013-3900 – Microsoft WinVerifyTrust function Remote Code Execution
https://notcve.org/view.php?id=CVE-2013-3900
11 Dec 2013 — The WinVerifyTrust function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly validate PE file digests during Authenticode signature verification, which allows remote attackers to execute arbitrary code via a crafted PE file, aka "WinVerifyTrust Signature Validation Vulnerability." La función WinVerifyTrust en Microsoft Windo... • https://github.com/snoopopsec/vulnerability-CVE-2013-3900 • CWE-20: Improper Input Validation CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.8EPSS: 1%CPEs: 3EXPL: 0CVE-2013-3878
https://notcve.org/view.php?id=CVE-2013-3878
11 Dec 2013 — Stack-based buffer overflow in the LRPC client in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges by operating an LRPC server that sends a crafted LPC port message, aka "LRPC Client Buffer Overrun Vulnerability." Desbordamiento de búfer basado en pila en el cliente LRPC de Microsoft Windows XP SP2 y SP3 y Server 2003 SP2 permite a usuarios locales obtener privilegios mediante la disposición de un servidor LRPC que envíe un mensaje manipulado en el puerto LPC, tambi... • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-102 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2013-3899
https://notcve.org/view.php?id=CVE-2013-3899
11 Dec 2013 — win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate addresses, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability." win32k.sys en los drivers de modo kernel en Microsoft Windows XP SP2, SP3. Server 2003 SP2 no valida apropiadamente direcciones, lo que permite a usuarios locales obtener privilegios a través de una aplicacion manipulada, tambien conocido como "Vulnerabilidad de ... • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-101 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 37%CPEs: 14EXPL: 0CVE-2013-5056
https://notcve.org/view.php?id=CVE-2013-5056
11 Dec 2013 — Use-after-free vulnerability in the Scripting Runtime Object Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site that is visited with Internet Explorer, aka "Use-After-Free Vulnerability in Microsoft Scripting Runtime... • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-099 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 2%CPEs: 14EXPL: 2CVE-2013-5058 – Microsoft Windows Kernel - 'win32k.sys' Integer Overflow (MS13-101)
https://notcve.org/view.php?id=CVE-2013-5058
11 Dec 2013 — Integer overflow in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows local users to gain privileges via a crafted application, aka "Win32k Integer Overflow Vulnerability." Desbordamiento de enteros en los controladores en modo kernel de Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 y... • https://packetstorm.news/files/id/124403 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 58%CPEs: 3EXPL: 7CVE-2013-5065 – Microsoft Windows Kernel Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2013-5065
27 Nov 2013 — NDProxy.sys in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in November 2013. NDProxy.sys del kernel de Microsoft Windows XP SP2 y SP3 y Server 2003 SP2 permite a usuarios locales obtener privilegios a través de una aplicación manipulada, tal y como se explotó activamente en noviembre de 2013. Microsoft Windows NDProxy.sys in the kernel contains an improper input validation vulnerability which can... • https://packetstorm.news/files/id/124466 •
CVSS: 7.1EPSS: 21%CPEs: 3EXPL: 1CVE-2013-6801
https://notcve.org/view.php?id=CVE-2013-6801
16 Nov 2013 — Microsoft Word 2003 SP2 and SP3 on Windows XP SP3 allows remote attackers to cause a denial of service (CPU consumption) via a malformed .doc file containing an embedded image, as demonstrated by word2003forkbomb.doc, related to a "fork bomb" issue. Microsoft Word 2003 SP2 y SP3 en Windows XP SP3 permite a atacantes remotos provocar una denegación de servicio (consumo de CPU) a través de un archivo .doc manipulado que contiene una imagen incrustada, como lo demuestra word2003forkbomb.doc, relacionado con un... • http://archives.neohapsis.com/archives/bugtraq/2013-11/0035.html • CWE-399: Resource Management Errors •
CVSS: 7.4EPSS: 2%CPEs: 15EXPL: 0CVE-2013-3876
https://notcve.org/view.php?id=CVE-2013-3876
16 Nov 2013 — DirectAccess in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly verify server X.509 certificates, which allows man-in-the-middle attackers to spoof servers and read encrypted domain credentials via a crafted certificate. DirectAccess en Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP1 y SP2, W... • http://technet.microsoft.com/security/advisory/2862152 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 67%CPEs: 14EXPL: 0CVE-2013-3940
https://notcve.org/view.php?id=CVE-2013-3940
13 Nov 2013 — Integer overflow in the Graphics Device Interface (GDI) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image in a Windows Write (.wri) document, which is not properly handled in WordPad, aka "Graphics Device Interface Integer Ove... • http://www.us-cert.gov/ncas/alerts/TA13-317A • CWE-190: Integer Overflow or Wraparound •