CVSS: 9.3EPSS: 94%CPEs: 45EXPL: 3CVE-2006-0005 – Microsoft Windows Media Player - Plugin Overflow (MS06-006)
https://notcve.org/view.php?id=CVE-2006-0005
Buffer overflow in the plug-in for Microsoft Windows Media Player (WMP) 9 and 10, when used in browsers other than Internet Explorer and set as the default application to handle media files, allows remote attackers to execute arbitrary code via HTML with an EMBED element containing a long src attribute. • https://www.exploit-db.com/exploits/1520 https://www.exploit-db.com/exploits/1505 https://www.exploit-db.com/exploits/1504 http://secunia.com/advisories/18852 http://securitytracker.com/id?1015628 http://www.idefense.com/intelligence/vulnerabilities/display.php?id=393 http://www.kb.cert.org/vuls/id/692060 http://www.securityfocus.com/bid/16644 http://www.us-cert.gov/cas/techalerts/TA06-045A.html http://www.vupen.com/english/advisories/2006/0575 https://docs.micr • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 2.1EPSS: 0%CPEs: 3EXPL: 0CVE-2006-0488
https://notcve.org/view.php?id=CVE-2006-0488
The VDM (Virtual DOS Machine) emulation environment for MS-DOS applications in Windows 2000, Windows XP SP2, and Windows Server 2003 allows local users to read the first megabyte of memory and possibly obtain sensitive information, as demonstrated by dumper.asm. • http://www.securityfocus.com/archive/1/423169/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/24471 •
CVSS: 7.5EPSS: 29%CPEs: 6EXPL: 0CVE-2006-0376
https://notcve.org/view.php?id=CVE-2006-0376
The 802.11 wireless client in certain operating systems including Windows 2000, Windows XP, and Windows Server 2003 does not warn the user when (1) it establishes an association with a station in ad hoc (aka peer-to-peer) mode or (2) a station in ad hoc mode establishes an association with it, which allows remote attackers to put unexpected wireless communication into place. • http://securityreason.com/securityalert/349 http://securitytracker.com/id?1015489 http://www.nmrc.org/pub/advise/20060114.txt http://www.securiteam.com/windowsntfocus/5YP0D2KHHO.html http://www.securityfocus.com/archive/1/421868/100/0/threaded http://www.theta44.org/karma https://exchange.xforce.ibmcloud.com/vulnerabilities/24157 •
CVSS: 9.3EPSS: 79%CPEs: 86EXPL: 0CVE-2006-0010
https://notcve.org/view.php?id=CVE-2006-0010
Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type (EOT) web font that triggers the overflow during decompression. Desbordamiento de búfer basado en memoria dinámica en T2EMBED.DLL en Microsoft Windows 2000 SP4, XP SP1 y SP2 y Server 2003 hasta la versión SP1, Windows 98 y Windows ME permite a atacantes remotos ejecutar código arbitrario a través de un mensajes de correo electrónico o una página web con una fuente web Embedded Open Type (EOT) manipulada que desencadena el desbordamiento durante la descompresión. • http://seclists.org/fulldisclosure/2006/Jan/363 http://secunia.com/advisories/18311 http://secunia.com/advisories/18365 http://secunia.com/advisories/18391 http://securitytracker.com/id?1015459 http://support.avaya.com/elmodocs2/security/ASA-2006-004.htm http://www.eeye.com/html/Research/Advisories/EEYEB20050801.html http://www.kb.cert.org/vuls/id/915930 http://www.osvdb.org/18829 http://www.securityfocus.com/archive/1/421885/100/0/threaded http://www.securityfocus.com& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 6%CPEs: 8EXPL: 1CVE-2006-0020
https://notcve.org/view.php?id=CVE-2006-0020
An unspecified Microsoft WMF parsing application, as used in Internet Explorer 5.01 SP4 on Windows 2000 SP4, and 5.5 SP2 on Windows Millennium, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute code via a crafted WMF file with a manipulated WMF header size, possibly involving an integer overflow, a different vulnerability than CVE-2005-4560, and aka "WMF Image Parsing Memory Corruption Vulnerability." • http://linuxbox.org/pipermail/funsec/2006-January/002828.html http://secunia.com/advisories/18729 http://secunia.com/advisories/18912 http://www.kb.cert.org/vuls/id/312956 http://www.microsoft.com/technet/security/advisory/913333.mspx http://www.osvdb.org/22976 http://www.securityfocus.com/bid/16516 http://www.us-cert.gov/cas/techalerts/TA06-045A.html http://www.vupen.com/english/advisories/2006/0469 https://docs.microsoft.com/en-us/security-updates/securitybulletins/200 • CWE-189: Numeric Errors •