Page 6 of 37 results (0.005 seconds)

CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 0

CVE-2007-1206

https://notcve.org/view.php?id=CVE-2007-1206

The Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft Windows NT 4.0; 2000 SP4; XP SP2; Server 2003, 2003 SP1, and 2003 SP2; and Windows Vista before June 2006; uses insecure permissions (PAGE_READWRITE) for a physical memory view, which allows local users to gain privileges by modifying the "zero page" during a race condition before the view is unmapped. La Máquina DOS Virtual (VDM) en el kernel de Windows en Microsoft Windows NT versiones 4.0; 2000 SP4; XP SP2; Server 2003, 2003 SP1 y 2003 SP2; y Windows Vista anterior a Junio de 2006; utiliza permisos no seguros (PAGE_READWRITE) para una vista de memoria física, lo que permite a los usuarios locales conseguir privilegios al modificar la "Zero page" durante una condición de carrera antes de que la vista no esté asignada. • http://research.eeye.com/html/advisories/published/AD20070410a.html http://secunia.com/advisories/24834 http://securitytracker.com/id?1017898 http://www.kb.cert.org/vuls/id/337953 http://www.osvdb.org/34011 http://www.securityfocus.com/archive/1/465232/100/0/threaded http://www.securityfocus.com/archive/1/466331/100/200/threaded http://www.securityfocus.com/bid/23367 http://www.us-cert.gov/cas/techalerts/TA07-100A.html http://www.vupen.com/english/advisories/2007/ • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 9.3EPSS: 94%CPEs: 12EXPL: 0

CVE-2007-1205

https://notcve.org/view.php?id=CVE-2007-1205

Unspecified vulnerability in Microsoft Agent (msagent\agentsvr.exe) in Windows 2000 SP4, XP SP2, and Server 2003, 2003 SP1, and 2003 SP2 allows remote attackers to execute arbitrary code via crafted URLs, which result in memory corruption. Vulnerabilidad no especificada en Microsoft Agent (msagent\agentsvr.exe) en Windows 2000 SP4, XP SP2, y Server 2003, 2003 SP1, y 2003 SP2 permite a aacantes remotos ejecutar código de su elección a través de una URL manipulada, lo cual deriva en una corrupción de memoria. • http://secunia.com/advisories/22896 http://secunia.com/secunia_research/2006-74/advisory http://www.kb.cert.org/vuls/id/728057 http://www.securityfocus.com/archive/1/465235/100/0/threaded http://www.securityfocus.com/archive/1/466331/100/200/threaded http://www.securityfocus.com/bid/23337 http://www.securitytracker.com/id?1017896 http://www.us-cert.gov/cas/techalerts/TA07-100A.html http://www.vupen.com/english/advisories/2007/1324 https://docs.microsoft.com/en- •

CVSS: 6.6EPSS: 0%CPEs: 14EXPL: 3

CVE-2007-1212 – Microsoft Windows - GDI Privilege Escalation (MS07-017)

https://notcve.org/view.php?id=CVE-2007-1212

Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local users to gain privileges via a crafted Enhanced Metafile (EMF) image format file. Desbordamiento de búfer en el Graphics Device Interface (GDI) en Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, y SP2; y Vista permite a usuarios locales ganar privilegios a través de archivos de imágenes con formato Enhanced Metafile(EMF). • https://www.exploit-db.com/exploits/3688 https://www.exploit-db.com/exploits/3755 https://www.exploit-db.com/exploits/3804 http://www.securityfocus.com/archive/1/466186/100/200/threaded http://www.securityfocus.com/bid/23278 http://www.securitytracker.com/id?1017844 http://www.vupen.com/english/advisories/2007/1215 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-017 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef •

CVSS: 7.1EPSS: 8%CPEs: 12EXPL: 3

CVE-2007-1211 – Microsoft Windows - GDI Privilege Escalation (MS07-017)

https://notcve.org/view.php?id=CVE-2007-1211

Unspecified kernel GDI functions in Microsoft Windows 2000 SP4; XP SP2; and Server 2003 Gold, SP1, and SP2 allows user-assisted remote attackers to cause a denial of service (possibly persistent restart) via a crafted Windows Metafile (WMF) image that causes an invalid dereference of an offset in a kernel structure, a related issue to CVE-2005-4560. Funciones GDI no especificadas del kernel en Microsoft Windows 2000 SP4; XP SP2; y Server 2003 Gold, SP1 y SP2, permiten a los atacantes remotos asistidos por el usuario causar una denegación de servicio (reinicio posiblemente persistente) por medio de una imagen de Windows Metafile (WMF) creada que causa una desreferencia no válida de un desplazamiento (offset) en una estructura del kernel, un problema relacionado al CVE-2005-4560. • https://www.exploit-db.com/exploits/3688 https://www.exploit-db.com/exploits/3755 https://www.exploit-db.com/exploits/3804 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=499 http://www.securityfocus.com/archive/1/466186/100/200/threaded http://www.securityfocus.com/bid/23275 http://www.securitytracker.com/id?1017843 http://www.vupen.com/english/advisories/2007/1215 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-017 https:/&#x • CWE-399: Resource Management Errors •

CVSS: 7.2EPSS: 0%CPEs: 14EXPL: 3

CVE-2007-1215 – Microsoft Windows - GDI Privilege Escalation (MS07-017)

https://notcve.org/view.php?id=CVE-2007-1215

Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local users to gain privileges via certain "color-related parameters" in crafted images. Desbordamiento de búfer en el Graphics Device Interface (GDI) del Microsoft Windows 2000 SP4, XP SP2, Server 2003 Gold, SP1, y SP2 y en el Vista permite a usuarios locales obtener privilegios mediante ciertos "parámetros de colores relacionados" en imágenes manipuladas. • https://www.exploit-db.com/exploits/3688 https://www.exploit-db.com/exploits/3755 https://www.exploit-db.com/exploits/3804 http://www.securityfocus.com/archive/1/466186/100/200/threaded http://www.securityfocus.com/bid/23273 http://www.securitytracker.com/id?1017847 http://www.vupen.com/english/advisories/2007/1215 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-017 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef •