CVSS: 9.3EPSS: 82%CPEs: 1EXPL: 1CVE-2007-3040 – Microsoft Agent - 'agentdpv.dll' ActiveX Control Malformed URL Stack Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-3040
Stack-based buffer overflow in agentdpv.dll 2.0.0.3425 in Microsoft Agent on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a crafted URL to the Agent (Agent.Control) ActiveX control, which triggers an overflow within the Agent Service (agentsrv.exe) process, a different issue than CVE-2007-1205. Un desbordamiento de búfer en la región stack de la memoria en la biblioteca agentdpv.dll versión 2.0.0.3425 en Microsoft Agent en Windows 2000 SP4, permite a los atacantes remoto ejecutar código arbitrarios por medio de una URL creada para el control ActiveX del Agente (Agent.Control), que activa un desbordamiento dentro del proceso Agent Service (agentsrv.exe), un problema diferente del CVE-2007-1205. • https://www.exploit-db.com/exploits/30567 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=592 http://secunia.com/advisories/26753 http://securityreason.com/securityalert/3124 http://securitytracker.com/id?1018677 http://www.kb.cert.org/vuls/id/716872 http://www.osvdb.org/36934 http://www.securityfocus.com/archive/1/479096/100/0/threaded http://www.securityfocus.com/bid/25566 http://www.us-cert.gov/cas/techalerts/TA07-254A.html http://www.vupen. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 95%CPEs: 6EXPL: 1CVE-2007-3034 – Microsoft Windows - 'gdi32.dll' Denial of Service (MS07-046)
https://notcve.org/view.php?id=CVE-2007-3034
Integer overflow in the AttemptWrite function in Graphics Rendering Engine (GDI) on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted metafile (image) with a large record length value, which triggers a heap-based buffer overflow. El desbordamiento de enteros en la función AttemptWrite en el Motor de Renderizado de Gráficos (GDI) en Microsoft Windows 2000 SP4, XP SP2 y Server 2003 SP1 permite a los atacantes remotos ejecutar código arbitrario por medio de un metarchivo (imagen) creado con un valor de longitud de registro grande, que desencadena un desbordamiento del búfer en la región heap de la memoria. • https://www.exploit-db.com/exploits/4337 http://secunia.com/advisories/26423 http://www.kb.cert.org/vuls/id/640136 http://www.securityfocus.com/archive/1/476505/100/0/threaded http://www.securityfocus.com/bid/25302 http://www.securitytracker.com/id?1018563 http://www.us-cert.gov/cas/techalerts/TA07-226A.html http://www.vupen.com/english/advisories/2007/2870 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-046 https://oval.cisecurity.org&#x • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 89%CPEs: 6EXPL: 0CVE-2007-2224
https://notcve.org/view.php?id=CVE-2007-2224
Object linking and embedding (OLE) Automation, as used in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Office 2004 for Mac, and Visual Basic 6.0 allows remote attackers to execute arbitrary code via the substringData method on a TextNode object, which causes an integer overflow that leads to a buffer overflow. En Object linking and embedding (OLE) Automation, tal como se usa en Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 y SP2, Office 2004 para Mac y Visual Basic versión 6.0 permite a los atacantes remotos ejecutar código arbitrario por medio del método substringData en un objeto TextNode, lo que causa un desbordamiento de enteros que conlleva a un desbordamiento de búfer. • http://secunia.com/advisories/26449 http://www.securityfocus.com/archive/1/476527/100/0/threaded http://www.securityfocus.com/bid/25282 http://www.securitytracker.com/id?1018560 http://www.us-cert.gov/cas/techalerts/TA07-226A.html http://www.vupen.com/english/advisories/2007/2867 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-043 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1248 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-189: Numeric Errors •
CVSS: 7.1EPSS: 78%CPEs: 8EXPL: 1CVE-2007-3958 – Microsoft Windows Explorer - '.GIF' Image Denial of Service
https://notcve.org/view.php?id=CVE-2007-3958
Microsoft Windows Explorer (explorer.exe) allows user-assisted remote attackers to cause a denial of service via a certain GIF file, as demonstrated by Art.gif. Microsoft Windows Explorer (explorer.exe) permite a atacantes remotos con la complicidad del usuario provocar una denegación de servicio mediante un determinado fichero GIF, como se demuestra con Art.gif. • https://www.exploit-db.com/exploits/4215 http://lostmon.blogspot.com/2007/08/windows-extended-file-attributes-buffer.html http://osvdb.org/43773 http://www.securityfocus.com/bid/25013 https://exchange.xforce.ibmcloud.com/vulnerabilities/35538 •
CVSS: 9.3EPSS: 67%CPEs: 7EXPL: 0CVE-2007-0041
https://notcve.org/view.php?id=CVE-2007-0041
The PE Loader service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer" and unvalidated message lengths, probably a buffer overflow. El servicio PE Loader en Microsoft .NET Framework versiones 1.0, 1.1 y 2.0 para Windows 2000, XP, Server 2003 y Vista, permite a los atacantes remotos ejecutar código arbitrario por medio de vectores no especificados que involucran un "unchecked buffer" y longitudes de mensajes sin invalidar, probablemente un desbordamiento de búfer. • http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html http://osvdb.org/35954 http://secunia.com/advisories/26003 http://www.securityfocus.com/bid/24778 http://www.securitytracker.com/id?1018356 http://www.us-cert.gov/cas/techalerts/TA07-191A.html http://www.vupen.com/english/advisories/2007/2482 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-040 https://exchange.xforce.ibmcloud.com/vulnerabilities/34637 https://oval.cisecurity.org/repo • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •