Page 7 of 68 results (0.007 seconds)

CVSS: 10.0EPSS: 43%CPEs: 37EXPL: 0

Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via a crafted compiled Help (.CHM) file with a large size field that triggers a heap-based buffer overflow, as demonstrated using a "ms-its:" URL in Internet Explorer. • http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0062.html http://secunia.com/advisories/15683 http://www.kb.cert.org/vuls/id/851869 http://www.securityfocus.com/bid/13953 http://www.us-cert.gov/cas/techalerts/TA05-165A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-026 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1057 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef&# •

CVSS: 5.0EPSS: 93%CPEs: 296EXPL: 2

Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old. • https://www.exploit-db.com/exploits/1008 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:15.tcp.asc ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.64/SCOSA-2005.64.txt http://secunia.com/advisories/15393 http://secunia.com/advisories/15417 http://secunia.com/advisories/18222 http://secunia.com/advisories/18662 http://support.avaya.com/elmodocs2/security/ASA-2006-032.htm http://www.cisco.com/warp/public/707/cisco-sn-20050518-tcpts.shtml http:/& •

CVSS: 5.0EPSS: 0%CPEs: 24EXPL: 3

The IPv6 support in Windows XP SP2, 2003 Server SP1, and Longhorn, with Windows Firewall turned off, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the SYN flag set and the same destination and source address and port, a variant of CVE-2005-0688 and a reoccurrence of the "Land" vulnerability (CVE-1999-0016). • https://www.exploit-db.com/exploits/861 http://www.ntbugtraq.com/default.aspx?pid=36&sid=1&A2=ind0505&L=NTBUGTRAQ&P=R409&D=0&F=N&H=0&O=D&T=0 http://www.securityfocus.com/bid/13658 http://www.vupen.com/english/advisories/2005/0559 •

CVSS: 5.0EPSS: 63%CPEs: 55EXPL: 1

The TCP/IP stack in multiple operating systems allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the correct sequence number but the wrong Acknowledgement number, which generates a large number of "keep alive" packets. NOTE: some followups indicate that this issue could not be replicated. • https://www.exploit-db.com/exploits/25439 http://seclists.org/lists/fulldisclosure/2005/Apr/0358.html http://seclists.org/lists/fulldisclosure/2005/Apr/0383.html http://seclists.org/lists/fulldisclosure/2005/Apr/0385.html http://www.securityfocus.com/bid/13215 https://exchange.xforce.ibmcloud.com/vulnerabilities/40502 •

CVSS: 7.5EPSS: 92%CPEs: 21EXPL: 1

The document processing application used by the Windows Shell in Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by modifying the CLSID stored in a file so that it is processed by HTML Application Host (MSHTA), as demonstrated using a Microsoft Word document. • https://www.exploit-db.com/exploits/938 http://marc.info/?l=bugtraq&m=111755356016155&w=2 http://www.idefense.com/application/poi/display?id=231&type=vulnerabilities http://www.securiteam.com/exploits/5YP0T0AFFW.html http://www.securityfocus.com/bid/13132 http://www.vupen.com/english/advisories/2005/0335 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-016 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2184 https:// •