CVE-2007-5667
https://notcve.org/view.php?id=CVE-2007-5667
NWFILTER.SYS in Novell Client 4.91 SP 1 through SP 4 for Windows 2000, XP, and Server 2003 makes the \.\nwfilter device available for arbitrary user-mode input via METHOD_NEITHER IOCTLs, which allows local users to gain privileges by passing a kernel address as an argument and overwriting kernel memory locations.
• http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=626
• http://osvdb.org/40867
• http://secunia.com/advisories/27678
• http://www.securityfocus.com/bid/26420
• http://www.securitytracker.com/id?1018943
• http://www.vupen.com/english/advisories/2007/3846
• https://exchange.xforce.ibmcloud.com/vulnerabilities/38434
• https://secure-support.novell.com/KanisaPlatform/Publishing/98/3260263_f.SAL_Public.html
• CWE-20: Improper Input Validation
CVE-2007-2228 – Microsoft Windows DCERPC Authentication Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2007-2228
rpcrt4.dll (aka the RPC runtime library) in Microsoft Windows XP SP2, XP Professional x64 Edition, Server 2003 SP1 and SP2, Server 2003 x64 Edition and x64 Edition SP2, and Vista and Vista x64 Edition allows remote attackers to cause a denial of service (RPCSS service stop and system restart) via an RPC request that uses NTLMSSP PACKET authentication with a zero-valued verification trailer signature, which triggers an invalid dereference. NOTE: this also affects Windows 2000 SP4, although the impact is an information leak. This vulnerability allows remote attackers to crash systems with vulnerable installations of the Microsoft Windows operating system.
• http://secunia.com/advisories/27134
• http://secunia.com/advisories/27153
• http://securitytracker.com/id?1018787
• http://www.securityfocus.com/archive/1/482023/100/0/threaded
• http://www.securityfocus.com/archive/1/482366/100/0/threaded
• http://www.securityfocus.com/bid/25974
• http://www.us-cert.gov/cas/techalerts/TA07-282A.html
• http://www.vupen.com/english/advisories/2007/3438
• http://www.zerodayinitiative.com/advisories/ZDI-07-055.html
• https://docs.microsoft.com/en-us/securit
CVE-2007-2217 – Kodak Image Viewer - TIF/TIFF Code Execution (MS07-055)
https://notcve.org/view.php?id=CVE-2007-2217
Kodak Image Viewer in Microsoft Windows 2000 SP4, and in some cases XP SP2 and Server 2003 SP1 and SP2, allows remote attackers to execute arbitrary code via crafted image files that trigger memory corruption, as demonstrated by a certain .tif (TIFF) file.
• https://www.exploit-db.com/exploits/4584
• https://www.exploit-db.com/exploits/4616
• http://secunia.com/advisories/27092
• http://securitytracker.com/id?1018784
• http://www.kb.cert.org/vuls/id/180345
• http://www.securityfocus.com/archive/1/482366/100/0/threaded
• http://www.securityfocus.com/bid/25909
• http://www.us-cert.gov/cas/techalerts/TA07-282A.html
• http://www.vupen.com/english/advisories/2007/3435
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2007-4938 – MPlayer 1.0 - AVIHeader.C Heap Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-4938
Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values, and a certain wLongsPerEntry value.
• https://www.exploit-db.com/exploits/30578
• http://osvdb.org/45940
• http://secunia.com/advisories/27016
• http://securityreason.com/securityalert/3144
• http://www.mandriva.com/security/advisories?name=MDKSA-2007:192
• http://www.securityfocus.com/archive/1/479222/100/0/threaded
• http://www.securityfocus.com/bid/25648
• http://www.vulnhunt.com/advisories/CAL-20070912-1_Multiple_vendor_produce_handling_AVI_file_vulnerabilities.txt
• https://exchange.xforce.ibmcloud.com/vulnerabilities/36581
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-3036
https://notcve.org/view.php?id=CVE-2007-3036
Unspecified vulnerability in the (1) Windows Services for UNIX 3.0 and 3.5, and (2) Subsystem for UNIX-based Applications in Microsoft Windows 2000, XP, Server 2003, and Vista allows local users to gain privileges via unspecified vectors related to "certain setuid binary files."
• http://secunia.com/advisories/26757
• http://securitytracker.com/id?1018678
• http://www.kb.cert.org/vuls/id/768440
• http://www.osvdb.org/36935
• http://www.securityfocus.com/bid/25620
• http://www.us-cert.gov/cas/techalerts/TA07-254A.html
• http://www.vupen.com/english/advisories/2007/3115
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-053
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1275
• CWE-264: Permissions, Privileges, and Access Controls