Page 68 of 366 results (0.017 seconds)

CVSS: 7.5EPSS: 22%CPEs: 4EXPL: 1

CVE-2007-3493 – NCTAudioStudio2 - ActiveX DLL 2.6.1.148 'CreateFile()'/ Insecure Method

https://notcve.org/view.php?id=CVE-2007-3493

A certain ActiveX control in NCTWavChunksEditor2.dll 2.6.1.148 in NCTAudioStudio (NCTAudioStudio2) 2.7, as used by Sienzo DMM and probably other products, allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the CreateFile method, a different product than CVE-2007-3400. Cierto control ActiveX en NCTWavChunksEditor2.dll 2.6.1.148 de NCTAudioStudio (NCTAudioStudio2) 2.7, como el utilizado por Sienzo DMM y probablemente otros productos, permite a atacantes remotos crear y sobrescribir ficheros de su elección mediante nombre de ruta completo en el argumento al método CreateFile, un vector diferente de CVE-2007-3400. • https://www.exploit-db.com/exploits/4109 http://osvdb.org/37673 http://secunia.com/advisories/25851 http://www.securityfocus.com/bid/24656 http://www.shinnai.altervista.org/exploits/ntcwavchunkstxt.html http://www.shinnai.altervista.org/index.php?mod=02_Forum&group=Exploits&argument=Remote&topic=1182845325.ff.php&page=last http://www.vupen.com/english/advisories/2007/2351 https://exchange.xforce.ibmcloud.com/vulnerabilities/35081 •

CVSS: 10.0EPSS: 1%CPEs: 4EXPL: 0

CVE-2007-3341

https://notcve.org/view.php?id=CVE-2007-3341

Unspecified vulnerability in the FTP implementation in Microsoft Internet Explorer allows remote attackers to "see a valid memory address" via unspecified vectors, a different issue than CVE-2007-0217. Vulnerabilidad sin especificar en la implementación del FTP del Microsoft Internet Explorer permite a atacantes remotos "ver una dirección de memoria válida" a través de vectores sin especificar, vulnerabilidad diferente a la CVE-2007-0217. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=473 http://osvdb.org/36398 •

CVSS: 9.3EPSS: 96%CPEs: 19EXPL: 3

CVE-2007-2222 – Microsoft Speech API ActiveX Control (Windows 2000 SP4) - Remote Buffer Overflow (MS07-033)

https://notcve.org/view.php?id=CVE-2007-2222

Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2) ActiveVoice (Xvoice.dll) speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary code via a crafted ActiveX object that triggers memory corruption, as demonstrated via the ModeName parameter to the FindEngine function in ACTIVEVOICEPROJECTLib.DirectSS. Múltiples desbordamientos de búfer en los controles de voz (1) ActiveListen (en la biblioteca Xlisten.dll) y (2) ActiveVoice (en la biblioteca Xvoice.dll), tal como son utilizados por Microsoft Internet Explorer en las versiones 5.01, 6 y 7, permiten a los atacantes remotos ejecutar código arbitrario por medio de un Objeto ActiveX que activa la corrupción de la memoria, como se demuestra por medio del parámetro ModeName a la función FindEngine en ACTIVEVOICEPROJECTLib.DirectSS. • https://www.exploit-db.com/exploits/4065 https://www.exploit-db.com/exploits/4066 http://osvdb.org/35353 http://retrogod.altervista.org/win_speech_2k_sp4.html http://retrogod.altervista.org/win_speech_xp_sp2.html http://secunia.com/advisories/25627 http://securitytracker.com/id?1018235 http://www.exploit-db.com/exploits/4065 http://www.kb.cert.org/vuls/id/507433 http://www.securityfocus.com/archive/1/471947/100/0/threaded http://www.securityfocus.com/bid/2442 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 80%CPEs: 19EXPL: 0

CVE-2007-1750

https://notcve.org/view.php?id=CVE-2007-1750

Unspecified vulnerability in Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code via a crafted Cascading Style Sheets (CSS) tag that triggers memory corruption. Vulnerabilidad no especificada en Microsoft Internet Explorer 6 permite a atacantes remotos ejecutar código de su elección mediante una etiqueta de Hoja de Estilo en Cascada (CSS) que dispara una corrupción de memoria. • http://osvdb.org/35349 http://secunia.com/advisories/25627 http://securitytracker.com/id?1018235 http://www.securityfocus.com/archive/1/471947/100/0/threaded http://www.securityfocus.com/bid/24423 http://www.us-cert.gov/cas/techalerts/TA07-163A.html http://www.vupen.com/english/advisories/2007/2153 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033 https://exchange.xforce.ibmcloud.com/vulnerabilities/34619 https://oval.cisecurity.org/repository/sear •

CVSS: 9.3EPSS: 83%CPEs: 19EXPL: 0

CVE-2007-0218

https://notcve.org/view.php?id=CVE-2007-0218

Microsoft Internet Explorer 5.01 and 6 allows remote attackers to execute arbitrary code by instantiating certain COM objects from Urlmon.dll, which triggers memory corruption during a call to the IObjectSafety function. Microsoft Internet Explorer versiones 5.01 y 6 permite a los atacantes remotos ejecutar código arbitrario mediante peticiones de determinados objetos COM desde la biblioteca Urlmon.dll, lo que desencadena corrupción de memoria durante una llamada a la función IObjectSafety. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=542 http://osvdb.org/35348 http://secunia.com/advisories/25627 http://securitytracker.com/id?1018235 http://www.securityfocus.com/archive/1/471947/100/0/threaded http://www.securityfocus.com/bid/24372 http://www.us-cert.gov/cas/techalerts/TA07-163A.html http://www.vupen.com/english/advisories/2007/2153 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033 https://exchange.xforce.ib • CWE-94: Improper Control of Generation of Code ('Code Injection') •