Page 55 of 637 results (0.012 seconds)

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 3

CVE-2007-1213 – Microsoft Windows - GDI Privilege Escalation (MS07-017)

https://notcve.org/view.php?id=CVE-2007-1213

The TrueType Fonts rasterizer in Microsoft Windows 2000 SP4 allows local users to gain privileges via crafted TrueType fonts, which result in an uninitialized function pointer. La fuente rasterizer en Microsoft Windows 2000 SP4 permite a usuarios locales ganar privilegios a través de fuentes TrueType manipuladas, el cual resultará en una función de puntero no inicializada. • https://www.exploit-db.com/exploits/3688 https://www.exploit-db.com/exploits/3755 https://www.exploit-db.com/exploits/3804 http://www.securityfocus.com/archive/1/466186/100/200/threaded http://www.securityfocus.com/bid/23276 http://www.securitytracker.com/id?1017845 http://www.vupen.com/english/advisories/2007/1215 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-017 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef • CWE-824: Access of Uninitialized Pointer •

CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 3

CVE-2006-5586 – Microsoft Windows - GDI Privilege Escalation (MS07-017)

https://notcve.org/view.php?id=CVE-2006-5586

The Graphics Rendering Engine in Microsoft Windows 2000 SP4 and XP SP2 allows local users to gain privileges via "invalid application window sizes" in layered application windows, aka the "GDI Invalid Window Size Elevation of Privilege Vulnerability." El motor de interpretación gráfica (rendering) en Microsoft Windows 2000 SP4 y XP SP2 permite a usuarios locales obtener privilegios mediante tamaños inválidos de ventanas de aplicación en ventanas de aplicaciones con capas, también conocido como "Vulnerabilidad de elevación de privilegios de tamaño GDI de ventana inválido" • https://www.exploit-db.com/exploits/3688 https://www.exploit-db.com/exploits/3755 https://www.exploit-db.com/exploits/3804 http://www.securityfocus.com/archive/1/466186/100/200/threaded http://www.securityfocus.com/bid/23277 http://www.securitytracker.com/id?1017846 http://www.vupen.com/english/advisories/2007/1215 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-017 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef •

CVSS: 7.2EPSS: 0%CPEs: 14EXPL: 3

CVE-2007-1215 – Microsoft Windows - GDI Privilege Escalation (MS07-017)

https://notcve.org/view.php?id=CVE-2007-1215

Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local users to gain privileges via certain "color-related parameters" in crafted images. Desbordamiento de búfer en el Graphics Device Interface (GDI) del Microsoft Windows 2000 SP4, XP SP2, Server 2003 Gold, SP1, y SP2 y en el Vista permite a usuarios locales obtener privilegios mediante ciertos "parámetros de colores relacionados" en imágenes manipuladas. • https://www.exploit-db.com/exploits/3688 https://www.exploit-db.com/exploits/3755 https://www.exploit-db.com/exploits/3804 http://www.securityfocus.com/archive/1/466186/100/200/threaded http://www.securityfocus.com/bid/23273 http://www.securitytracker.com/id?1017847 http://www.vupen.com/english/advisories/2007/1215 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-017 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef •

CVSS: 9.3EPSS: 34%CPEs: 14EXPL: 16

CVE-2007-0038 – Microsoft Windows Explorer - '.ANI' File Denial of Service

https://notcve.org/view.php?id=CVE-2007-0038

Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) anih block of a RIFF .ANI, cur, or .ico file, which results in memory corruption when processing cursors, animated cursors, and icons, a variant of CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this might be a duplicate of CVE-2007-1765; if so, then CVE-2007-0038 should be preferred. Un desbordamiento de búfer en la región stack de la memoria en el código de cursor animado en Microsoft Windows 2000 SP4 hasta Vista, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (reinicio persistente) por medio de un valor de gran longitud en el segundo bloque anih (o posterior) de un archivo RIFF .ANI, cur o .ico, lo que resulta en una corrupción de memoria cuando se procesan cursores, cursores animados e iconos, una variante de CVE-2005-0416, como es demostrado originalmente usando Internet Explorer versiones 6 y 7. NOTA: esto podría ser un duplicado de CVE-2007-1765; si es así, entonces CVE-2007-0038 debe ser preferido. • https://www.exploit-db.com/exploits/3684 https://www.exploit-db.com/exploits/3647 https://www.exploit-db.com/exploits/3695 https://www.exploit-db.com/exploits/3652 https://www.exploit-db.com/exploits/3617 https://www.exploit-db.com/exploits/3688 https://www.exploit-db.com/exploits/3755 https://www.exploit-db.com/exploits/3804 https://www.exploit-db.com/exploits/3636 https://www.exploit-db.com/exploits/3651 https://www.exploit-db.com/exploits/4045 https: • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 5%CPEs: 43EXPL: 11

CVE-2007-1765 – Microsoft Windows Explorer - '.ANI' File Denial of Service

https://notcve.org/view.php?id=CVE-2007-1765

Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038; if so, then use CVE-2007-0038 instead of this identifier. Una vulnerabilidad no especificada en Microsoft Windows 2000 SP4 hasta Windows Vista permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (reinicio persistente) por medio de un archivo ANI malformado, lo que resulta en una corrupción de memoria durante el procesamiento de cursores, cursores animados e iconos, un problema similar al CVE-2005-0416, como se demostró originalmente usando Internet Explorer versiones 6 y 7. NOTA: este problema podría ser un duplicado del CVE-2007-0038; si es así, utilizar el CVE-2007-0038 en lugar de este identificador. • https://www.exploit-db.com/exploits/3684 https://www.exploit-db.com/exploits/3647 https://www.exploit-db.com/exploits/3695 https://www.exploit-db.com/exploits/3652 https://www.exploit-db.com/exploits/3617 https://www.exploit-db.com/exploits/3636 https://www.exploit-db.com/exploits/3651 https://www.exploit-db.com/exploits/4045 https://www.exploit-db.com/exploits/16698 https://www.exploit-db.com/exploits/3635 https://www.exploit-db.com/exploits/3634 http: •