Page 6 of 32 results (0.011 seconds)

CVSS: 5.1EPSS: 15%CPEs: 49EXPL: 0

Microsoft Agent allows remote attackers to spoof trusted Internet content and execute arbitrary code by disguising security prompts on a malicious Web page. Microsoft Agent permite a los atacantes remotos falsificar contenido de Internet de confianza y ejecutar código arbitrario disfrazando las indicaciones de seguridad en una página web maliciosa. • http://secunia.com/advisories/15689 http://www.securityfocus.com/bid/13948 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-032 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1194 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A682 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A906 •

CVSS: 7.5EPSS: 10%CPEs: 49EXPL: 0

Buffer overflow in Microsoft Step-by-Step Interactive Training (orun32.exe) allows remote attackers to execute arbitrary code via a bookmark link file (.cbo, cbl, or .cbm extension) with a long User field. El desbordamiento de búfer en Microsoft Step-by-Step Interactive Training (orun32.exe) permite a los atacantes remotos ejecutar código arbitrario a través de un archivo de enlace de marcadores (extensión.cbo, cbl o.cbm) con un campo de usuario largo. • http://idefense.com/application/poi/display?id=262&type=vulnerabilities&flashstatus=true http://secunia.com/advisories/15669 http://securitytracker.com/id?1014194 http://www.securityfocus.com/bid/13944 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-031 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1224 •

CVSS: 10.0EPSS: 43%CPEs: 37EXPL: 0

Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via a crafted compiled Help (.CHM) file with a large size field that triggers a heap-based buffer overflow, as demonstrated using a "ms-its:" URL in Internet Explorer. • http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0062.html http://secunia.com/advisories/15683 http://www.kb.cert.org/vuls/id/851869 http://www.securityfocus.com/bid/13953 http://www.us-cert.gov/cas/techalerts/TA05-165A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-026 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1057 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef&# •

CVSS: 7.5EPSS: 83%CPEs: 12EXPL: 1

Heap-based buffer overflow in the BERDecBitString function in Microsoft ASN.1 library (MSASN1.DLL) allows remote attackers to execute arbitrary code via nested constructed bit strings, which leads to a realloc of a non-null pointer and causes the function to overwrite previously freed memory, as demonstrated using a SPNEGO token with a constructed bit string during HTTP authentication, and a different vulnerability than CVE-2003-0818. NOTE: the researcher has claimed that MS:MS04-007 fixes this issue. • http://www.phreedom.org/solar/exploits/msasn1-bitstring https://exchange.xforce.ibmcloud.com/vulnerabilities/20870 •

CVSS: 7.5EPSS: 90%CPEs: 6EXPL: 1

The Windows Internet Naming Service (WINS) in Windows NT Server 4.0 SP 6a, NT Terminal Server 4.0 SP 6, Windows 2000 Server SP3 and SP4, and Windows Server 2003 does not properly validate the computer name value in a WINS packet, which allows remote attackers to execute arbitrary code or cause a denial of service (server crash), which results in an "unchecked buffer" and possibly triggers a buffer overflow, aka the "Name Validation Vulnerability." • https://www.exploit-db.com/exploits/733 http://secunia.com/advisories/13466 http://securitytracker.com/id?1012517 http://www.ciac.org/ciac/bulletins/p-054.shtml http://www.kb.cert.org/vuls/id/378160 http://www.osvdb.org/12370 http://www.securityfocus.com/bid/11922 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-045 https://exchange.xforce.ibmcloud.com/vulnerabilities/18259 •