CVE-2007-3027 – Microsoft Internet Explorer Language Pack Installation Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2007-3027
Race condition in Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to install multiple language packs in a way that triggers memory corruption, aka "Language Pack Installation Vulnerability." Condición de carrera en Microsoft Internet Explorer 5.01, 6, y 7 permite a atacantes remotos ejecutar código de su elección provocando que Internet Explorer instale múltiples paquetes de idioma en un modo que dispara una corrupción de memoria, también conocida como "Vulnerabilidad de Instalación de Paquetes de Idioma". This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in routines responsible for the on-demand installation of Internet Explorer language packs. A race condition may occur when a web page contains several pieces of content written in a language not currently supported by any of the installed language packs. • http://osvdb.org/35350 http://secunia.com/advisories/25627 http://securitytracker.com/id?1018235 http://www.securityfocus.com/archive/1/471209/100/0/threaded http://www.securityfocus.com/archive/1/471947/100/0/threaded http://www.securityfocus.com/bid/24429 http://www.us-cert.gov/cas/techalerts/TA07-163A.html http://www.vupen.com/english/advisories/2007/2153 http://www.zerodayinitiative.com/advisories/ZDI-07-037.html https://docs.microsoft.com/en-us/security-updates/ •
CVE-2007-3091
https://notcve.org/view.php?id=CVE-2007-3091
Race condition in Microsoft Internet Explorer 6 SP1; 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code or perform other actions upon a page transition, with the permissions of the old page and the content of the new page, as demonstrated by setInterval functions that set location.href within a try/catch expression, aka the "bait & switch vulnerability" or "Race Condition Cross-Domain Information Disclosure Vulnerability." Una condición de carrera en Microsoft Internet Explorer versión 6 SP1; versiones 6 y 7 para Windows XP SP2 y SP3; versiones 6 y versión 7 para Server 2003 SP2; versión 7 para Vista Gold, SP1 y SP2; y versión 7 para Server 2008 SP2 permite a los atacantes remotos ejecutar código arbitrario o realizar otras acciones en una transición de página, con los permisos de la página antigua y el contenido de la página nueva, como es demostrado por las funciones setInterval que configuran el archivo location.href dentro de una expresión try/catch, también se conoce como "bait & switch vulnerability" o "Race Condition Cross-Domain Information Disclosure Vulnerability." • http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0026.html http://lcamtuf.coredump.cx/ierace http://osvdb.org/38497 http://osvdb.org/54944 http://secunia.com/advisories/25564 http://securityreason.com/securityalert/2781 http://securitytracker.com/id?1018192 http://www.kb.cert.org/vuls/id/471361 http://www.securityfocus.com/archive/1/470446/100/0/threaded http://www.securityfocus.com/bid/24283 http://www.us-cert.gov/cas/techalerts/TA09-160A.html http:/ • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2007-2999
https://notcve.org/view.php?id=CVE-2007-2999
Microsoft Windows Server 2003, when time restrictions are in effect for user accounts, generates different error messages for failed login attempts with a valid user name than for those with an invalid user name, which allows context-dependent attackers to determine valid Active Directory account names. Microsoft Windows Server 2003, cuando las restricciones de tiempo están en efecto para las cuentas del usuario, genera diversos mensajes de error para las tentativas falladas de conexión con un nombre válido de usuario que para aquellos que tengan un nombre inválido de usuario, permite que los atacantes dependientes del contexto determinen nombres de cuenta activos válidos del directorio. • http://osvdb.org/36138 http://secunia.com/advisories/25457 http://www.notsosecure.com/folder2/2007/05/27/logon-time-restrictions-in-a-domain-in-windows-server-2003-allows-username-enumeration http://www.securityfocus.com/bid/24248 •
CVE-2007-0942
https://notcve.org/view.php?id=CVE-2007-0942
Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and possibly 7 on Windows Vista does not properly "instantiate certain COM objects as ActiveX controls," which allows remote attackers to execute arbitrary code via a crafted COM object from chtskdic.dll. Microsoft Internet Explorer versión 5.01 SP4 en Windows 2000 SP4; versión 6 SP1 en Windows 2000 SP4; versiones 6 y 7 en Windows XP SP2, o Windows Server 2003 SP1 o SP2; y posiblemente versión 7 en Windows Vista "instantiate certain COM objects as ActiveX controls" inapropiadamente, que permite a los atacantes remotos ejecutar código arbitrario por medio de un objeto COM creado de la biblioteca chtskdic.dll. • http://secunia.com/advisories/23769 http://www.osvdb.org/34399 http://www.securityfocus.com/archive/1/468871/100/200/threaded http://www.securitytracker.com/id?1018019 http://www.us-cert.gov/cas/techalerts/TA07-128A.html http://www.vupen.com/english/advisories/2007/1712 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-027 https://exchange.xforce.ibmcloud.com/vulnerabilities/33252 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval •
CVE-2007-0947
https://notcve.org/view.php?id=CVE-2007-0947
Use-after-free vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, resulting in accessing deallocated memory of CMarkup objects, aka the second of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0946. Una vulnerabilidad de uso de memoria previamente liberada en Microsoft Internet Explorer 7 en Windows XP SP2, Windows Server 2003 SP1 o SP2, o Windows Vista permite a los atacantes remotos ejecutar código arbitrario por medio de objetos HTML creados, resultando en el acceso a la memoria desasignada de objetos CMarkup, también conocida como el segunda de dos "HTML Objects Memory Corruption Vulnerabilities" y un problema diferente de CVE-2007-0946. • http://secunia.com/advisories/23769 http://secunia.com/secunia_research/2007-36/advisory http://www.osvdb.org/34403 http://www.securityfocus.com/archive/1/468871/100/200/threaded http://www.securityfocus.com/bid/23772 http://www.securitytracker.com/id?1018019 http://www.us-cert.gov/cas/techalerts/TA07-128A.html http://www.vupen.com/english/advisories/2007/1712 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-027 https://exchange.xforce.ibmcloud. • CWE-399: Resource Management Errors •