CVSS: 9.0EPSS: 55%CPEs: 8EXPL: 0CVE-2008-1456
https://notcve.org/view.php?id=CVE-2008-1456
13 Aug 2008 — Array index vulnerability in the Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote authenticated users to execute arbitrary code via a crafted event subscription request that is used to access an array of function pointers. Vulnerabilidad de índice de array en el Sistema de Eventos de Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP1 y SP2, Vista Gold y SP1 y Server 2008 permite a usuarios autentificados remotamente... • http://marc.info/?l=bugtraq&m=121915960406986&w=2 • CWE-20: Improper Input Validation •
CVSS: 9.0EPSS: 51%CPEs: 8EXPL: 0CVE-2008-1457
https://notcve.org/view.php?id=CVE-2008-1457
13 Aug 2008 — The Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate per-user subscriptions, which allows remote authenticated users to execute arbitrary code via a crafted event subscription request. El Sistema de Eventos en Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP1 y SP2, Vista Gold y SP1 y Server 2008 no valida correctamente las subscripciones por usuario, lo que permite a usuarios autentificados remotament... • http://marc.info/?l=bugtraq&m=121915960406986&w=2 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 68%CPEs: 15EXPL: 0CVE-2008-3006 – Microsoft Excel COUNTRY Record Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2008-3006
12 Aug 2008 — Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 Gold and SP3; Office Excel Viewer; Office Compatibility Pack 2007 Gold and SP1; Office SharePoint Server 2007 Gold and SP1; and Office 2004 and 2008 for Mac do not properly parse Country record values when loading Excel files, which allows remote attackers to execute arbitrary code via a crafted Excel file, aka the "Excel Record Parsing Vulnerability." Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 ... • http://marc.info/?l=bugtraq&m=121915960406986&w=2 • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 8%CPEs: 10EXPL: 2CVE-2008-3365 – PixelPost 1.7.1 - 'language_full' Local File Inclusion
https://notcve.org/view.php?id=CVE-2008-3365
30 Jul 2008 — Directory traversal vulnerability in index.php in Pixelpost 1.7.1 on Windows, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language_full parameter. Vulnerabilidad de salto de directorio en index.php en Pixelpost 1.7.1 sobre Windows, cuando "register_globals" está activado, permite a atacantes remotos incluir y ejecutar archivos locales a través de .. (punto punto) en el parámetro "languaje_full". • https://www.exploit-db.com/exploits/6150 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.1EPSS: 58%CPEs: 10EXPL: 0CVE-2008-1445
https://notcve.org/view.php?id=CVE-2008-1445
12 Jun 2008 — Active Directory on Microsoft Windows 2000 Server SP4, XP Professional SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to cause a denial of service (system hang or reboot) via a crafted LDAP request. Active Directory en Microsoft Windows 2000 Server SP4, XP Professional SP2 y SP3, Server 2003 SP1 y SP2, y Server 2008 permite a usuarios autenticados causar una denegación de servicio (caída del sistema o reinicio) a través de una petición LDAP manipulada. • http://secunia.com/advisories/30586 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 62%CPEs: 20EXPL: 0CVE-2008-0011
https://notcve.org/view.php?id=CVE-2008-0011
12 Jun 2008 — Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a crafted MJPEG stream in a (1) AVI or (2) ASF file, aka the "MJPEG Decoder Vulnerability." Microsoft DirectX 8.1 a 9.0c, y DirectX en Microsoft XP SP2 y SP3, Server 2003 SP1 y SP2, Vista Gold y SP1, y Server 2008 no realiza adecuadamente la comprobación de errores... • http://marc.info/?l=bugtraq&m=121380194923597&w=2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 63%CPEs: 20EXPL: 0CVE-2008-1444 – Microsoft DirectX SAMI File Format Name Parsing Stack Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2008-1444
10 Jun 2008 — Stack-based buffer overflow in Microsoft DirectX 7.0 and 8.1 on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a Synchronized Accessible Media Interchange (SAMI) file with crafted parameters for a Class Name variable, aka the "SAMI Format Parsing Vulnerability." Desbordamiento de búfer basado en pila en Microsoft DirectX 7.0 y 8.1 o en Windows 2000 SP4 permite a atacantes remotos ejecutar código de su elección a través de un archivo Synchronized Accessible Media Interchange (SAMI) co... • http://marc.info/?l=bugtraq&m=121380194923597&w=2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 55%CPEs: 16EXPL: 0CVE-2008-1086
https://notcve.org/view.php?id=CVE-2008-1086
08 Apr 2008 — The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft Internet Explorer 5.01 SP4 and 6 SP1, in Windows XP SP2, Server 2003 SP1 and SP2, Vista SP1, and Server 2008, allows remote attackers to execute arbitrary code via malformed arguments, which triggers memory corruption. El HxTocCtrl ActiveX control (hxvz.dll), usado en Microsoft Internet Explorer 5.01 SP4 y 6 SP1, en Windows XP SP2, Server 2003 SP1 y SP2, Vista SP1 y Server 2008, permite a atacantes remotos ejecutar código de su elección a través... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=680 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 48%CPEs: 14EXPL: 2CVE-2008-1087 – Microsoft Windows - GDI Image Parsing Stack Overflow (MS08-021)
https://notcve.org/view.php?id=CVE-2008-1087
08 Apr 2008 — Stack-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF image file with crafted filename parameters, aka "GDI Stack Overflow Vulnerability." Desbordamiento de búfer basado en pila en GDI de Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 y SP2, Vista, y Server 2008, permite a atacantes remotos ejecutar código de su elección a través de un fichero de imagen EMF con los parámetros... • https://www.exploit-db.com/exploits/5442 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •