CVE-2007-2221 – Microsoft Internet Explorer 7 - Arbitrary File Rewrite (MS07-027)
https://notcve.org/view.php?id=CVE-2007-2221
Unspecified vulnerability in the mdsauth.dll COM object in Microsoft Windows Media Server in the Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; or 7 on Windows Vista allows remote attackers to overwrite arbitrary files via unspecified vectors, aka the "Arbitrary File Rewrite Vulnerability."
• https://www.exploit-db.com/exploits/3892 http://secunia.com/advisories/23769 http://www.fortiguardcenter.com/advisory/FGA-2007-07.html http://www.kb.cert.org/vuls/id/500753 http://www.osvdb.org/34404 http://www.securityfocus.com/archive/1/468871/100/200/threaded http://www.securityfocus.com/bid/23827 http://www.securitytracker.com/id?1018019 http://www.us-cert.gov/cas/techalerts/TA07-128A.html http://www.vupen.com/english/advisories/2007/1712 https://docs. •
CVE-2007-0944 – Microsoft Internet Explorer Table Column Deletion Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2007-0944
Unspecified vulnerability in the CTableCol::OnPropertyChange method in Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; and 6 on Windows XP SP2, or Windows Server 2003 SP1 or SP2 allows remote attackers to execute arbitrary code by calling deleteCell on a named table row in a named table column, then accessing the column, which causes Internet Explorer to access previously deleted objects, aka the "Uninitialized Memory Corruption Vulnerability." This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the CTableCol::OnPropertyChange() method. When a named table row in HTML contains a named table column, then calls the deleteCell() JavaScript method, any property of the table column, existing or not, accessed after the deletion takes place will trigger an exploitable memory corruption.
• http://secunia.com/advisories/23769 http://www.osvdb.org/34400 http://www.securityfocus.com/archive/1/467989/100/0/threaded http://www.securityfocus.com/archive/1/468871/100/200/threaded http://www.securityfocus.com/bid/23771 http://www.securitytracker.com/id?1018019 http://www.us-cert.gov/cas/techalerts/TA07-128A.html http://www.vupen.com/english/advisories/2007/1712 http://www.zerodayinitiative.com/advisories/ZDI-07-027.html https://docs.microsoft.com/en-us/securit •
CVE-2007-1748 – Microsoft Windows - DNS DnssrvQuery Remote Stack Overflow
https://notcve.org/view.php?id=CVE-2007-1748
Stack-based buffer overflow in the RPC interface in the Domain Name System (DNS) Server Service in Microsoft Windows 2000 Server SP 4, Server 2003 SP 1, and Server 2003 SP 2 allows remote attackers to execute arbitrary code via a long zone name containing character constants represented by escape sequences.
• https://www.exploit-db.com/exploits/3740 https://www.exploit-db.com/exploits/3746 https://www.exploit-db.com/exploits/3737 https://www.exploit-db.com/exploits/16748 https://www.exploit-db.com/exploits/16366 http://blogs.technet.com/msrc/archive/2007/04/12/microsoft-security-advisory-935964-posted.aspx http://metasploit.com/svn/framework3/trunk/modules/exploits/windows/dcerpc/msdns_zonename.rb http://secunia.com/advisories/24871 http://www.kb.cert.org/vuls/id/555920 http • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2007-1206
https://notcve.org/view.php?id=CVE-2007-1206
The Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft Windows NT 4.0; 2000 SP4; XP SP2; Server 2003, 2003 SP1, and 2003 SP2; and Windows Vista before June 2006; uses insecure permissions (PAGE_READWRITE) for a physical memory view, which allows local users to gain privileges by modifying the "zero page" during a race condition before the view is unmapped.
• http://research.eeye.com/html/advisories/published/AD20070410a.html http://secunia.com/advisories/24834 http://securitytracker.com/id?1017898 http://www.kb.cert.org/vuls/id/337953 http://www.osvdb.org/34011 http://www.securityfocus.com/archive/1/465232/100/0/threaded http://www.securityfocus.com/archive/1/466331/100/200/threaded http://www.securityfocus.com/bid/23367 http://www.us-cert.gov/cas/techalerts/TA07-100A.html http://www.vupen.com/english/advisories/2007/ • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2007-1205
https://notcve.org/view.php?id=CVE-2007-1205
Unspecified vulnerability in Microsoft Agent (msagent\agentsvr.exe) in Windows 2000 SP4, XP SP2, and Server 2003, 2003 SP1, and 2003 SP2 allows remote attackers to execute arbitrary code via crafted URLs, which result in memory corruption.
• http://secunia.com/advisories/22896 http://secunia.com/secunia_research/2006-74/advisory http://www.kb.cert.org/vuls/id/728057 http://www.securityfocus.com/archive/1/465235/100/0/threaded http://www.securityfocus.com/archive/1/466331/100/200/threaded http://www.securityfocus.com/bid/23337 http://www.securitytracker.com/id?1017896 http://www.us-cert.gov/cas/techalerts/TA07-100A.html http://www.vupen.com/english/advisories/2007/1324 https://docs.microsoft.com/en- •