CVE-2006-0143 – Microsoft Windows - Graphics Rendering Engine Multiple Memory Corruption Vulnerabilities
https://notcve.org/view.php?id=CVE-2006-0143
Microsoft Windows Graphics Rendering Engine (GRE) allows remote attackers to corrupt memory and cause a denial of service (crash) via a WMF file containing (1) ExtCreateRegion or (2) ExtEscape function calls with arguments with inconsistent lengths.
• https://www.exploit-db.com/exploits/27051 http://blogs.technet.com/msrc/archive/2006/01/09/417198.aspx http://lostmon.blogspot.com/2007/08/windows-extended-file-attributes-buffer.html http://securitytracker.com/id?1015453 http://www.securityfocus.com/archive/1/421257/100/0/threaded http://www.securityfocus.com/archive/1/421258/100/0/threaded http://www.securityfocus.com/bid/16167 http://www.vupen.com/english/advisories/2006/0115 https://exchange.xforce.ibmcloud.com/vulnerabiliti
• CWE-399: Resource Management Errors
CVE-2005-4560 – Microsoft Windows XP/Vista/2003 - Metafile Escape() SetAbortProc Code Execution (MS06-001)
https://notcve.org/view.php?id=CVE-2005-4560
The Windows Graphical Device Interface library (GDI32.DLL) in Microsoft Windows allows remote attackers to execute arbitrary code via a Windows Metafile (WMF) format image with a crafted SETABORTPROC GDI Escape function call, related to the Windows Picture and Fax Viewer (SHIMGVW.DLL), a different vulnerability than CVE-2005-2123 and CVE-2005-2124, and as originally discovered in the wild on unionseek.com.
• https://www.exploit-db.com/exploits/16612 http://linuxbox.org/pipermail/funsec/2006-January/002455.html http://secunia.com/advisories/18255 http://secunia.com/advisories/18311 http://secunia.com/advisories/18364 http://secunia.com/advisories/18415 http://securitytracker.com/id?1015416 http://support.avaya.com/elmodocs2/security/ASA-2006-001.htm http://vil.mcafeesecurity.com/vil/content/v_137760.htm http://www.f-secure.com/weblog/archives/archive-122005.html#00000753 http://
• CWE-20: Improper Input Validation
CVE-2005-3981 – Microsoft Windows XP/2000/2003 - CreateRemoteThread Local Denial of Service
https://notcve.org/view.php?id=CVE-2005-3981
NOTE: this issue has been disputed by third parties. Microsoft Windows XP, 2000, and 2003 allow local users to kill a writable process by using the CreateRemoteThread function with certain arguments on a process that has been opened using the OpenProcess function, possibly involving an invalid address for the start routine. NOTE: followup posts have disputed this issue, saying that if a user already has privileges to write to a process, then other functions could be called or the process could be terminated using PROCESS_TERMINATE.
• https://www.exploit-db.com/exploits/26690 http://www.securityfocus.com/archive/1/418289/100/0/threaded http://www.securityfocus.com/archive/1/418431/100/0/threaded http://www.securityfocus.com/bid/15671
CVE-2005-3945
https://notcve.org/view.php?id=CVE-2005-3945
The SynAttackProtect protection in Microsoft Windows 2003 before SP1 and Windows 2000 before SP4 with Update Roll-up uses a hash of predictable data, which allows remote attackers to cause a denial of service (CPU consumption) via a flood of SYN packets that produce identical hash values, which slows down the hash table lookups.
• http://www.securityfocus.com/archive/1/417952/100/0/threaded http://www.securityfocus.com/bid/15613
CVE-2005-1982
https://notcve.org/view.php?id=CVE-2005-1982
Unknown vulnerability in the PKINIT Protocol for Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow a local user to obtain information and spoof a server via a man-in-the-middle (MITM) attack between a client and a domain controller when PKINIT smart card authentication is being used.
• http://secunia.com/advisories/16368 http://securitytracker.com/id?1014642 http://www.kb.cert.org/vuls/id/477341 http://www.securityfocus.com/bid/14520 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-042 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100096 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100098 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Ad