CVSS: 9.3EPSS: 67%CPEs: 7EXPL: 0CVE-2007-0043
https://notcve.org/view.php?id=CVE-2007-0043
The Just In Time (JIT) Compiler service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer," probably a buffer overflow, aka ".NET JIT Compiler Vulnerability". El servicio Just In Time (JIT) Compiler en Microsoft .NET Framework versiones 1.0, 1.1 y 2.0 para Windows 2000, XP, Server 2003 y Vista permite a los atacantes remotos asistidos por el usuario ejecutar código arbitrario por medio de vectores no específicos que involucran un "unchecked buffer," probablemente un desbordamiento de búfer, también se conoce como ".NET JIT Compiler Vulnerability ". • http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html http://osvdb.org/35956 http://secunia.com/advisories/26003 http://www.securityfocus.com/bid/24811 http://www.securitytracker.com/id?1018356 http://www.us-cert.gov/cas/techalerts/TA07-191A.html http://www.vupen.com/english/advisories/2007/2482 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-040 https://exchange.xforce.ibmcloud.com/vulnerabilities/34639 https://oval.cisecurity.org/repo • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 92%CPEs: 7EXPL: 1CVE-2007-0042 – Microsoft .Net Framework 2.0 - Multiple Null Byte Injection Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-0042
Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitive information, and possibly bypass security mechanisms that try to constrain the final substring of a string, via %00 characters, related to use of %00 as a string terminator within POSIX functions but a data character within .NET strings, aka "Null Byte Termination Vulnerability." Un conflicto de interpretación en ASP.NET en Microsoft .NET Framework versión 1.0, 1.1 y 2.0 para Windows 2000, XP, Server 2003 y Vista permite que los atacantes remotos accedan a los archivos de configuración y obtengan información confidencial, y posiblemente omitan los mecanismos de seguridad que intentan restringir el acceso. La subcadena final de una cadena, por medio de caracteres %00 , relacionada con el uso de %00 como terminador de cadena dentro de las funciones POSIX pero un carácter data dentro de las cadenas .NET, también se conoce como "Null Byte Termination Vulnerability.". • https://www.exploit-db.com/exploits/30281 http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html http://secunia.com/advisories/26003 http://security-assessment.com/files/advisories/2007-07-11_Multiple_.NET_Null_Byte_Injection_Vulnerabilities.pdf http://www.securitytracker.com/id?1018356 http://www.us-cert.gov/cas/techalerts/TA07-191A.html http://www.vupen.com/english/advisories/2007/2482 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-040 https&# • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 79%CPEs: 6EXPL: 0CVE-2007-0040
https://notcve.org/view.php?id=CVE-2007-0040
The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4, Server 2003 SP1 and SP2, Server 2003 x64 Edition and SP2, and Server 2003 for Itanium-based Systems SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted LDAP request with an unspecified number of "convertible attributes." El servicio LDAP en Windows Active Directory de Microsoft Windows 2000 Server SP4, Server 2003 SP1 y SP2, Server 2003 x64 Edition y SP2, y Server 2003 para Sistemas Itanium SP1 y SP2 permite a atacantes remotos ejecutar código de su elección mediante una petición LDAP con un número no especificado de "atributos convertibles". • http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html http://osvdb.org/35960 http://secunia.com/advisories/26002 http://www.iss.net/threats/267.html http://www.kb.cert.org/vuls/id/487905 http://www.securityfocus.com/bid/24800 http://www.securitytracker.com/id?1018355 http://www.us-cert.gov/cas/techalerts/TA07-191A.html http://www.vupen.com/english/advisories/2007/2481 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-039 •
CVSS: 5.0EPSS: 85%CPEs: 1EXPL: 0CVE-2007-3028
https://notcve.org/view.php?id=CVE-2007-3028
The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4 does not properly check "the number of convertible attributes", which allows remote attackers to cause a denial of service (service unavailability) via a crafted LDAP request, related to "client sent LDAP request logic," aka "Windows Active Directory Denial of Service Vulnerability". NOTE: this is probably a different issue than CVE-2007-0040. El servicio LDAP en Windows Active Directory en Microsoft Windows 2000 Server SP4 no valida de forma adecuada "el número de atributos convertibles", lo cual permite a atacantes remotos provocar denegación de servicio (servicio no disponible) a través de respuestas LDAP manipuladas, relacionado con "respuesta lógica LDAP enviada por el cliente" también conocido como "Vulnerabilidad de denegación de servicio del diretorio activo de Windows". NOTA: este es posiblemente un asunto diferente a CVE-2007-0040. • http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html http://secunia.com/advisories/26002 http://www.kb.cert.org/vuls/id/348953 http://www.securityfocus.com/bid/24796 http://www.securitytracker.com/id?1018355 http://www.us-cert.gov/cas/techalerts/TA07-191A.html http://www.vupen.com/english/advisories/2007/2481 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-039 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre&# •
CVSS: 5.0EPSS: 51%CPEs: 3EXPL: 3CVE-2006-7210 – Microsoft Windows - '.png' IHDR Block Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2006-7210
Microsoft Windows 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (cpu consumption) via a PNG image with crafted (1) Width and (2) Height values in the IHDR block. Microsoft Windows 2000, XP, y Server 2003 permite a atacantes remotos provocar denegación de servicio (consumo de CPU) a través de una imagen .PNG con los valores (1)width y (2)Height manipulados en el bloque IHDR. • https://www.exploit-db.com/exploits/2194 https://www.exploit-db.com/exploits/2210 https://www.exploit-db.com/exploits/2204 http://www.securityfocus.com/bid/19520 http://www.xsec.org/index.php?module=Releases&act=view&type=1&id=6 •