CVSS: 7.5EPSS: 8%CPEs: 14EXPL: 0CVE-2013-3869
https://notcve.org/view.php?id=CVE-2013-3869
13 Nov 2013 — Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to cause a denial of service (daemon hang) via a web-service request containing a crafted X.509 certificate that is not properly handled during validation, aka "Digital Signatures Vulnerability." Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP2, Win... • http://www.us-cert.gov/ncas/alerts/TA13-317A • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2013-3887
https://notcve.org/view.php?id=CVE-2013-3887
13 Nov 2013 — The Ancillary Function Driver (AFD) in afd.sys in the kernel-mode drivers in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 allows local users to obtain sensitive information from kernel memory by leveraging improper copy operations, aka "Ancillary Function Driver Information Disclosure Vulnerability." Ancillary Function Driver (AFD) en afd.sys en los drivers kernel-mode de Microsoft Windows XP SP2, ... • http://www.us-cert.gov/ncas/alerts/TA13-317A • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 84%CPEs: 14EXPL: 2CVE-2013-3918 – Microsoft Internet Explorer - CardSpaceClaimCollection ActiveX Integer Underflow (MS13-090)
https://notcve.org/view.php?id=CVE-2013-3918
12 Nov 2013 — The InformationCardSigninHelper Class ActiveX control in icardie.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted web page that is accessed by Internet Explorer, as exploited in the wild in November 2013, aka "InformationCard... • https://packetstorm.news/files/id/124183 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 52%CPEs: 48EXPL: 0CVE-2013-3128 – Microsoft Windows OpenType Font Parsing Persistent Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2013-3128
09 Oct 2013 — The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5, allow remote attackers to execute arbitrary code via a crafted OpenType font (OTF) file, aka "OpenType Font Parsing Vulnerability." Los drivers kernel-mode en Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 S... • http://www.us-cert.gov/ncas/alerts/TA13-288A •
CVSS: 10.0EPSS: 48%CPEs: 12EXPL: 0CVE-2013-3195
https://notcve.org/view.php?id=CVE-2013-3195
09 Oct 2013 — The DSA_InsertItem function in Comctl32.dll in the Windows common control library in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted value in an argument to an ASP.NET web application, aka "Comctl32 Integer Overflow Vulnerability." La función DSA_InsertItem en Comctl32.dll en la bibliot... • http://blogs.technet.com/b/srd/archive/2013/10/08/assessing-risk-for-the-october-2013-security-updates.aspx • CWE-399: Resource Management Errors •
CVSS: 7.2EPSS: 0%CPEs: 13EXPL: 0CVE-2013-3200
https://notcve.org/view.php?id=CVE-2013-3200
09 Oct 2013 — The USB drivers in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allow physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability." Los controladores USB en los controladores en modo kernel de Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Se... • http://www.us-cert.gov/ncas/alerts/TA13-288A • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2013-3879
https://notcve.org/view.php?id=CVE-2013-3879
09 Oct 2013 — Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability." Vulnerabilidad de uso después de liberación en win32k.sys de los drivers kernel-mode en Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vi... • http://www.us-cert.gov/ncas/alerts/TA13-288A • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 24%CPEs: 13EXPL: 0CVE-2013-3894 – Microsoft Windows TTF CMAP Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-3894
08 Oct 2013 — The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a crafted CMAP table in a TrueType font (TTF) file, aka "TrueType Font CMAP Table Vulnerability." Los controladores en modo kernel de Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP... • http://www.us-cert.gov/ncas/alerts/TA13-288A • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 1%CPEs: 17EXPL: 0CVE-2013-3864
https://notcve.org/view.php?id=CVE-2013-3864
11 Sep 2013 — win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application, aka "Win32k Multiple Fetch Vulnerability," a different vulnerability than CVE-2013-1342, CVE-2013-1343, CVE-2013-1344, and CVE-2013-3865. win32k.sys en los controladores kernel-mode de Microsoft Windows XP SP2 y SP3, Windows Serve... • http://www.us-cert.gov/ncas/alerts/TA13-253A • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 1%CPEs: 17EXPL: 0CVE-2013-3865
https://notcve.org/view.php?id=CVE-2013-3865
11 Sep 2013 — win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application, aka "Win32k Multiple Fetch Vulnerability," a different vulnerability than CVE-2013-1342, CVE-2013-1343, CVE-2013-1344, and CVE-2013-3864. win32k.sys en los controladores kernel-mode de Microsoft Windows XP SP2 y SP3, Windows Serve... • http://www.us-cert.gov/ncas/alerts/TA13-253A • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •