
CVSS: 7.2 | EPSS: 0% | CPEs: 6 | EXPL: 1

The thread termination routine in the kernel for Windows NT 4.0 and 2000 (NTOSKRNL.EXE) allows local users to modify kernel memory and execution flow via steps in which a terminating thread causes Asynchronous Procedure Call (APC) entries to free the wrong data, aka the "Windows Kernel Vulnerability." • https://www.exploit-db.com/exploits/1407 http://secunia.com/advisories/15821 http://secunia.com/advisories/18064 http://secunia.com/advisories/18311 http://securityreason.com/securityalert/252 http://securitytracker.com/id?1015347 http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf http://www.eeye.com/html/research/advisories/AD20051213.html http://www.osvdb.org/18823 http://www.securityfocus.com/archive/1/419377/100/0/threaded http://www.securityfocus.com/bid/15826 •

CVSS: 5.0 | EPSS: 58% | CPEs: 2 | EXPL: 0

Windows NT 4.0 and Windows 2000 before URP1 for Windows 2000 SP4 do not properly prevent NULL sessions from accessing certain alternate named pipes, which allows remote attackers to (1) list Windows services via svcctl or (2) read eventlogs via eventlog. • http://marc.info/?l=bugtraq&m=112076409813099&w=2 http://secunia.com/advisories/14189 http://securitytracker.com/id?1014417 http://www.hsc.fr/ressources/presentations/null_sessions http://www.securityfocus.com/bid/14177 http://www.securityfocus.com/bid/14178 https://exchange.xforce.ibmcloud.com/vulnerabilities/21286 https://exchange.xforce.ibmcloud.com/vulnerabilities/21288 •

CVSS: 7.5 | EPSS: 83% | CPEs: 12 | EXPL: 1

Heap-based buffer overflow in the BERDecBitString function in Microsoft ASN.1 library (MSASN1.DLL) allows remote attackers to execute arbitrary code via nested constructed bit strings, which leads to a realloc of a non-null pointer and causes the function to overwrite previously freed memory, as demonstrated using a SPNEGO token with a constructed bit string during HTTP authentication, and a different vulnerability than CVE-2003-0818. NOTE: the researcher has claimed that MS:MS04-007 fixes this issue. • http://www.phreedom.org/solar/exploits/msasn1-bitstring https://exchange.xforce.ibmcloud.com/vulnerabilities/20870 •

CVSS: 5.0 | EPSS: 63% | CPEs: 55 | EXPL: 1

The TCP/IP stack in multiple operating systems allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the correct sequence number but the wrong Acknowledgement number, which generates a large number of "keep alive" packets. NOTE: some followups indicate that this issue could not be replicated. • https://www.exploit-db.com/exploits/25439 http://seclists.org/lists/fulldisclosure/2005/Apr/0358.html http://seclists.org/lists/fulldisclosure/2005/Apr/0383.html http://seclists.org/lists/fulldisclosure/2005/Apr/0385.html http://www.securityfocus.com/bid/13215 https://exchange.xforce.ibmcloud.com/vulnerabilities/40502 •

CVSS: 7.5 | EPSS: 88% | CPEs: 55 | EXPL: 3

The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allows remote attackers to execute arbitrary code via the AnimationHeaderBlock length field, which leads to a stack-based buffer overflow. • https://www.exploit-db.com/exploits/771 https://www.exploit-db.com/exploits/765 http://eeye.com/html/research/advisories/AD20050111.html http://marc.info/?l=bugtraq&m=110547079218397&w=2 http://marc.info/?l=bugtraq&m=110556975827760&w=2 http://www.securityfocus.com/bid/12233 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-002 https://exchange.xforce.ibmcloud.com/vulnerabilities/18879 •