CVSS: 6.2EPSS: 0%CPEs: 3EXPL: 0CVE-2007-0351
https://notcve.org/view.php?id=CVE-2007-0351
Microsoft Windows XP and Windows Server 2003 do not properly handle user logoff, which might allow local users to gain the privileges of a previous system user, possibly related to user profile unload failure. NOTE: it is not clear whether this is an issue in Windows itself, or an interaction with another product. The issue might involve ZoneAlarm not being able to terminate processes when it cannot prompt the user. Microsoft Windows XP y Windows Server 2003 no manejan apropiadamente el cierre de sesión del usuario, lo que podría permitir a los usuarios locales conseguir los privilegios de un usuario de sistema anterior, posiblemente relacionados con el error de descarga del perfil de usuario. NOTA: no está claro si esto es un problema en Windows en sí, o una interacción con otro producto. • http://www.securityfocus.com/archive/1/457167/100/0/threaded http://www.securityfocus.com/archive/1/457217/100/0/threaded http://www.securityfocus.com/archive/1/457340/100/0/threaded http://www.securityfocus.com/archive/1/457807/100/200/threaded http://www.securityfocus.com/archive/1/459838/100/0/threaded •
CVSS: 10.0EPSS: 2%CPEs: 1EXPL: 0CVE-2006-6901
https://notcve.org/view.php?id=CVE-2006-6901
Unspecified vulnerability in the Bluetooth stack in Microsoft Windows allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors. Vulnerabilidad no especificada en la pila Bluetooth de Microsoft Windows permite a atacantes remotos obtener acceso administrativo (también conocido como Root Remoto) a mediante vectores no especificados. • http://events.ccc.de/congress/2006-mediawiki//images/f/fb/23c3_Bluetooh_revisited.pdf http://osvdb.org/36144 http://www.securityfocus.com/archive/1/455889/100/0/threaded •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2006-5585
https://notcve.org/view.php?id=CVE-2006-5585
The Client-Server Run-time Subsystem in Microsoft Windows XP SP2 and Server 2003 allows local users to gain privileges via a crafted file manifest within an application, aka "File Manifest Corruption Vulnerability." El Subsistema Client-Server Run-time de Microsoft Windows XP SP2 y Server 2003 permite a usuarios locales la obtención de privilegios a través de un fichero manipulado manifestándose dentro de la aplicación, también conocido como "File Manifest Corruption Vulnerability." • http://secunia.com/advisories/23308 http://secunia.com/advisories/23348 http://securitytracker.com/id?1017370 http://www.securityfocus.com/archive/1/454969/100/200/threaded http://www.us-cert.gov/cas/techalerts/TA06-346A.html http://www.vupen.com/english/advisories/2006/4968 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-075 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A560 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 56%CPEs: 8EXPL: 0CVE-2006-3445
https://notcve.org/view.php?id=CVE-2006-3445
Integer overflow in the ReadWideString function in agentdpv.dll in Microsoft Agent on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a large length value in an .ACF file, which results in a heap-based buffer overflow. Microsoft Agent en Microsoft Windows 2000 SP4, XP SP2, y Server 2003 hasta el SP1 permite a atacantes remotos ejecutar código de su elección mediante un fichero .ACF artesanal que dispara una corrupción de memoria. • http://secunia.com/advisories/22878 http://securitytracker.com/id?1017222 http://www.coseinc.com/alert.html http://www.kb.cert.org/vuls/id/810772 http://www.securityfocus.com/archive/1/458558/100/0/threaded http://www.securityfocus.com/bid/21034 http://www.us-cert.gov/cas/techalerts/TA06-318A.html http://www.vupen.com/english/advisories/2006/4506 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-068 https://exchange.xforce.ibmcloud.com/vuln • CWE-189: Numeric Errors •
CVSS: 9.0EPSS: 97%CPEs: 6EXPL: 0CVE-2006-4696
https://notcve.org/view.php?id=CVE-2006-4696
Unspecified vulnerability in the Server service in Microsoft Windows 2000 SP4, Server 2003 SP1 and earlier, and XP SP2 and earlier allows remote attackers to execute arbitrary code via a crafted packet, aka "SMB Rename Vulnerability." Vulnerabilidad no especificada en el servicio Server en Microsoft Windows 2000 SP4, Server 2003 SP1 y anteriores, y XP SP2 y anteriores permite a atacantes remotos ejecutar código de su elección mediante un paquete artesanal, también conocido como "Vulnerabilidad de Renombramiento SMB". • http://securitytracker.com/id?1017035 http://www.kb.cert.org/vuls/id/820628 http://www.securityfocus.com/archive/1/449179/100/0/threaded http://www.securityfocus.com/bid/20373 http://www.vupen.com/english/advisories/2006/3982 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-063 https://exchange.xforce.ibmcloud.com/vulnerabilities/29373 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8 • CWE-94: Improper Control of Generation of Code ('Code Injection') •