CVE-2007-3039 – Microsoft Windows Message Queuing Service Stack Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2007-3039
Stack-based buffer overflow in the Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 Server SP4, Windows 2000 Professional SP4, and Windows XP SP2 allows attackers to execute arbitrary code via a long string in an opnum 0x06 RPC call to port 2103. NOTE: this is remotely exploitable on Windows 2000 Server. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows with the Message Queuing Service enabled.
References:
https://www.exploit-db.com/exploits/16750
https://www.exploit-db.com/exploits/4745
https://www.exploit-db.com/exploits/4934
https://www.exploit-db.com/exploits/4760
http://secunia.com/advisories/28011
http://secunia.com/advisories/28051
http://www.securityfocus.com/archive/1/484891/100/0/threaded
http://www.securityfocus.com/archive/1/485268/100/0/threaded
http://www.securityfocus.com/bid/26797
http://www.securitytracker.com/id?1019077
http://www.us-cert.gov/
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-5355
https://notcve.org/view.php?id=CVE-2007-5355
The Web Proxy Auto-Discovery (WPAD) feature in Microsoft Internet Explorer 6 and 7, when a primary DNS suffix with three or more components is configured, resolves an unqualified wpad hostname in a second-level domain outside this configured DNS domain, which allows remote WPAD servers to conduct man-in-the-middle (MITM) attacks.
References:
http://secunia.com/advisories/27901
http://support.microsoft.com/kb/945713
http://www.microsoft.com/technet/security/advisory/945713.mspx
http://www.securityfocus.com/bid/26686
http://www.securitytracker.com/id?1019033
http://www.vupen.com/english/advisories/2007/4064
CVE-2007-6043
https://notcve.org/view.php?id=CVE-2007-6043
The CryptGenRandom function in Microsoft Windows 2000 generates predictable values, which makes it easier for context-dependent attackers to reduce the effectiveness of cryptographic mechanisms, as demonstrated by attacks on (1) forward security and (2) backward security, related to use of eight instances of the RC4 cipher, and possibly a related issue to CVE-2007-3898.
References:
http://eprint.iacr.org/2007/419.pdf
http://www.computerworld.com.au/index.php/id%3B1165210682%3Bfp%3B2%3Bfpid%3B1
http://www.securityfocus.com/bid/26495
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2007-6026 – Microsoft Jet Engine - '.MDB' File Parsing Stack Overflow
https://notcve.org/view.php?id=CVE-2007-6026
Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a crafted MDB database file containing a column structure with a modified column count. NOTE: this might be the same issue as CVE-2005-0944.
References:
https://www.exploit-db.com/exploits/4625
http://dvlabs.tippingpoint.com/advisory/TPTI-08-04
http://lists.grok.org.uk/pipermail/full-disclosure/2007-November/058531.html
http://marc.info/?l=bugtraq&m=121129490723574&w=2
http://ruder.cdut.net/blogview.asp?logID=227
http://securityreason.com/securityalert/3376
http://www.kb.cert.org/vuls/id/936529
http://www.securityfocus.com/archive/1/483797/100/0/threaded
http://www.securityfocus.com/archive/1/483858/100/100/threaded
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-3898 – Microsoft Windows Server 2000/2003 - Recursive DNS Spoofing
https://notcve.org/view.php?id=CVE-2007-3898
The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors.
References:
https://www.exploit-db.com/exploits/30635
https://www.exploit-db.com/exploits/30636
http://secunia.com/advisories/27584
http://securityreason.com/securityalert/3373
http://www.kb.cert.org/vuls/id/484649
http://www.scanit.be/advisory-2007-11-14.html
http://www.securityfocus.com/archive/1/483635/100/0/threaded
http://www.securityfocus.com/archive/1/483698/100/0/threaded
http://www.securityfocus.com/archive/1/484186/100/0/threaded
http://www.securityfocus.com/bid/
CWE-16: Configuration