CVE-2006-6723 – Microsoft Windows - 'NetrWkstaUserEnum()' Remote Denial of Service
https://notcve.org/view.php?id=CVE-2006-6723
The Workstation service in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to cause a denial of service (memory consumption) via a large maxlen value in a NetrWkstaUserEnum RPC request.
• https://www.exploit-db.com/exploits/3013
• http://secunia.com/advisories/23487
• http://securitytracker.com/id?1017441
• http://www.eeye.com/Resources/Security-Center/Research/Zero-Day-Tracker/2005/20051116
• http://www.vupen.com/english/advisories/2006/5142
• CWE-399: Resource Management Errors
CVE-2006-6696 – Microsoft Windows - 'MessageBox' Memory Corruption Local Denial of Service
https://notcve.org/view.php?id=CVE-2006-6696
Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted data, which sends a HardError message to the Client/Server Runtime Server Subsystem (CSRSS) process, which is not properly handled when invoking the UserHardError and GetHardErrorText functions in WINSRV.DLL.
• https://www.exploit-db.com/exploits/2967
• https://www.exploit-db.com/exploits/3024
• http://blogs.technet.com/msrc/archive/2006/12/22/new-report-of-a-windows-vulnerability.aspx
• http://groups.google.ca/group/microsoft.public.win32.programmer.kernel/browse_thread/thread/c5946bf40f227058/7bd7b5d66a4e5aff
• http://isc.sans.org/diary.php?n&storyid=1965
• http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051394.html
• http://research.eeye.com/html/alerts/zeroday/20061215.html
• http://sec
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2006-5584
https://notcve.org/view.php?id=CVE-2006-5584
The Remote Installation Service (RIS) in Microsoft Windows 2000 SP4 uses a TFTP server that allows anonymous access, which allows remote attackers to upload and overwrite arbitrary files to gain privileges on systems that use RIS.
• http://secunia.com/advisories/23312
• http://securitytracker.com/id?1017368
• http://www.kb.cert.org/vuls/id/238064
• http://www.securityfocus.com/archive/1/454969/100/200/threaded
• http://www.securityfocus.com/bid/21495
• http://www.us-cert.gov/cas/techalerts/TA06-346A.html
• http://www.vupen.com/english/advisories/2006/4970
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-077
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3A
CVE-2006-6296 – Microsoft Windows - spoolss GetPrinterData() Remote Denial of Service
https://notcve.org/view.php?id=CVE-2006-6296
The RpcGetPrinterData function in the Print Spooler (spoolsv.exe) service in Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via an RPC request that specifies a large 'offered' value (output buffer size), a variant of CVE-2005-3644.
• https://www.exploit-db.com/exploits/2879
• http://research.eeye.com/html/alerts/zeroday/20051116.html
• http://secunia.com/advisories/23196
• http://securitytracker.com/id?1017330
• http://www.eeye.com/Resources/Security-Center/Research/Zero-Day-Tracker/2005/20051116
• http://www.kb.cert.org/vuls/id/914617
• http://www.securityfocus.com/bid/21401
• http://www.vupen.com/english/advisories/2006/4827
• https://exchange.xforce.ibmcloud.com/vulnerabilities/30717
• CWE-399: Resource Management Errors
CVE-2006-6261 – Quintessential Player 4.50.1.82 - Playlist Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2006-6261
Buffer overflow in Quintessential Player 4.50.1.82 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) M3u or (2) M3u-8 file; or (3) a crafted PLS file with a long value in the (a) NumberofEntries, (b) Length (aka Length1), (c) Filename (aka File1), (d) Title (aka Title1) field, or other unspecified fields.
• https://www.exploit-db.com/exploits/2860
• http://www.securityfocus.com/bid/21331
• https://exchange.xforce.ibmcloud.com/vulnerabilities/30559