CVE-2006-0010
https://notcve.org/view.php?id=CVE-2006-0010
Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type (EOT) web font that triggers the overflow during decompression. • http://seclists.org/fulldisclosure/2006/Jan/363 http://secunia.com/advisories/18311 http://secunia.com/advisories/18365 http://secunia.com/advisories/18391 http://securitytracker.com/id?1015459 http://support.avaya.com/elmodocs2/security/ASA-2006-004.htm http://www.eeye.com/html/Research/Advisories/EEYEB20050801.html http://www.kb.cert.org/vuls/id/915930 http://www.osvdb.org/18829 http://www.securityfocus.com/archive/1/421885/100/0/threaded http://www.securityfocus.com& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2006-0020
https://notcve.org/view.php?id=CVE-2006-0020
An unspecified Microsoft WMF parsing application, as used in Internet Explorer 5.01 SP4 on Windows 2000 SP4, and 5.5 SP2 on Windows Millennium, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute code via a crafted WMF file with a manipulated WMF header size, possibly involving an integer overflow, a different vulnerability than CVE-2005-4560, and aka "WMF Image Parsing Memory Corruption Vulnerability." • http://linuxbox.org/pipermail/funsec/2006-January/002828.html http://secunia.com/advisories/18729 http://secunia.com/advisories/18912 http://www.kb.cert.org/vuls/id/312956 http://www.microsoft.com/technet/security/advisory/913333.mspx http://www.osvdb.org/22976 http://www.securityfocus.com/bid/16516 http://www.us-cert.gov/cas/techalerts/TA06-045A.html http://www.vupen.com/english/advisories/2006/0469 https://docs.microsoft.com/en-us/security-updates/securitybulletins/200 • CWE-189: Numeric Errors •
CVE-2006-0143 – Microsoft Windows - Graphics Rendering Engine Multiple Memory Corruption Vulnerabilities
https://notcve.org/view.php?id=CVE-2006-0143
Microsoft Windows Graphics Rendering Engine (GRE) allows remote attackers to corrupt memory and cause a denial of service (crash) via a WMF file containing (1) ExtCreateRegion or (2) ExtEscape function calls with arguments with inconsistent lengths. • https://www.exploit-db.com/exploits/27051 http://blogs.technet.com/msrc/archive/2006/01/09/417198.aspx http://lostmon.blogspot.com/2007/08/windows-extended-file-attributes-buffer.html http://securitytracker.com/id?1015453 http://www.securityfocus.com/archive/1/421257/100/0/threaded http://www.securityfocus.com/archive/1/421258/100/0/threaded http://www.securityfocus.com/bid/16167 http://www.vupen.com/english/advisories/2006/0115 https://exchange.xforce.ibmcloud.com/vulnerabiliti • CWE-399: Resource Management Errors •
CVE-2005-4560 – Microsoft Windows XP/Vista/2003 - Metafile Escape() SetAbortProc Code Execution (MS06-001)
https://notcve.org/view.php?id=CVE-2005-4560
The Windows Graphical Device Interface library (GDI32.DLL) in Microsoft Windows allows remote attackers to execute arbitrary code via a Windows Metafile (WMF) format image with a crafted SETABORTPROC GDI Escape function call, related to the Windows Picture and Fax Viewer (SHIMGVW.DLL), a different vulnerability than CVE-2005-2123 and CVE-2005-2124, and as originally discovered in the wild on unionseek.com. • https://www.exploit-db.com/exploits/16612 http://linuxbox.org/pipermail/funsec/2006-January/002455.html http://secunia.com/advisories/18255 http://secunia.com/advisories/18311 http://secunia.com/advisories/18364 http://secunia.com/advisories/18415 http://securitytracker.com/id?1015416 http://support.avaya.com/elmodocs2/security/ASA-2006-001.htm http://vil.mcafeesecurity.com/vil/content/v_137760.htm http://www.f-secure.com/weblog/archives/archive-122005.html#00000753 http:// • CWE-20: Improper Input Validation •
CVE-2005-4269
https://notcve.org/view.php?id=CVE-2005-4269
mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer 6.0 SP1 allows attackers to cause a denial of service (access violation) by causing mshtml.dll to process button-focus events at the same time that a document is reloading, as seen in Microsoft Office InfoPath 2003 by repeatedly clicking the "Delete" button in a repeating section in a form. NOTE: the normal operation of InfoPath appears to involve a local user without any privilege boundaries, so this might not be a vulnerability in InfoPath. If no realistic scenarios exist for this problem in other products, then perhaps it should be excluded from CVE. • http://support.microsoft.com/kb/908233 http://www.securiteam.com/windowsntfocus/6V00B1FEUE.html •