CVSS: 9.8EPSS: 46%CPEs: 8EXPL: 1CVE-2006-0020
https://notcve.org/view.php?id=CVE-2006-0020
10 Jan 2006 — An unspecified Microsoft WMF parsing application, as used in Internet Explorer 5.01 SP4 on Windows 2000 SP4, and 5.5 SP2 on Windows Millennium, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute code via a crafted WMF file with a manipulated WMF header size, possibly involving an integer overflow, a different vulnerability than CVE-2005-4560, and aka "WMF Image Parsing Memory Corruption Vulnerability." • http://linuxbox.org/pipermail/funsec/2006-January/002828.html • CWE-189: Numeric Errors •
CVSS: 5.5EPSS: 10%CPEs: 8EXPL: 3CVE-2005-4717 – Microsoft Internet Explorer 6 - Malformed HTML Parsing Denial of Service
https://notcve.org/view.php?id=CVE-2005-4717
31 Dec 2005 — Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service (client crash) via a certain combination of a malformed HTML file and a CSS file that triggers a null dereference, probably related to rendering of a DIV element that contains a malformed IMG tag, as demonstrated by IEcrash.htm and IEcrash.rar. • https://www.exploit-db.com/exploits/26457 •
CVSS: 7.8EPSS: 63%CPEs: 9EXPL: 1CVE-2005-2123 – Microsoft Windows Metafile - 'mtNoObjects' Denial of Service (MS05-053)
https://notcve.org/view.php?id=CVE-2005-2123
09 Nov 2005 — Multiple integer overflows in the Graphics Rendering Engine (GDI32.DLL) in Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allow remote attackers to execute arbitrary code via crafted Windows Metafile (WMF) and Enhanced Metafile (EMF) format images that lead to heap-based buffer overflows, as demonstrated using MRBP16::bCheckRecord. eEye Digital Security has discovered a vulnerability in the way the Windows Graphical Device Interface (GDI) processes Windows Metafile (WMF) format image files that would... • https://www.exploit-db.com/exploits/1346 •
CVSS: 7.8EPSS: 83%CPEs: 9EXPL: 2CVE-2005-2124 – Microsoft Windows Metafile - 'mtNoObjects' Denial of Service (MS05-053)
https://notcve.org/view.php?id=CVE-2005-2124
09 Nov 2005 — Unspecified vulnerability in the Graphics Rendering Engine (GDI32.DLL) in Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1, related to "An unchecked buffer" and possibly buffer overflows, allows remote attackers to execute arbitrary code via a crafted Windows Metafile (WMF) format image, aka "Windows Metafile Vulnerability." eEye Digital Security has discovered a heap overflow vulnerability in the way the Windows Graphical Device Interface (GDI) processes Windows enhanced metafile images (file extensio... • https://www.exploit-db.com/exploits/1346 •
CVSS: 9.8EPSS: 58%CPEs: 5EXPL: 0CVE-2005-1985
https://notcve.org/view.php?id=CVE-2005-1985
13 Oct 2005 — The Client Service for NetWare (CSNW) on Microsoft Windows 2000 SP4, XP SP1 and Sp2, and Server 2003 SP1 and earlier, allows remote attackers to execute arbitrary code due to an "unchecked buffer" when processing certain crafted network messages. • http://secunia.com/advisories/17165 •
CVSS: 9.8EPSS: 61%CPEs: 10EXPL: 0CVE-2005-1987 – Technical Cyber Security Alert 2005-284A
https://notcve.org/view.php?id=CVE-2005-1987
12 Oct 2005 — Buffer overflow in Collaboration Data Objects (CDO), as used in Microsoft Windows and Microsoft Exchange Server, allows remote attackers to execute arbitrary code when CDOSYS or CDOEX processes an e-mail message with a large header name, as demonstrated using the "Content-Type" string. Sec-1 has identified an exploitable buffer overflow within Collaboration Data Objects (Cdosys.dll and Cdoex.dll). The vulnerability exists when event sinks are used within Microsoft Exchange 2000 or Microsoft Mail services to... • http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0289.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 78%CPEs: 9EXPL: 2CVE-2005-1979 – Microsoft Windows - DTC Remote (MS05-051)
https://notcve.org/view.php?id=CVE-2005-1979
11 Oct 2005 — Distributed Transaction Controller in Microsoft Windows allows remote servers to cause a denial of service (MSDTC service exception and exit) via an "unexpected protocol command during the reconnection request," which is not properly handled by the Transaction Internet Protocol (TIP) functionality. Remote exploitation of a denial of service vulnerability within various versions of Microsoft Corp.'s Windows operating system allows attackers to cause the msdtc.exe process to crash. The vulnerability specifica... • https://www.exploit-db.com/exploits/1352 •
CVSS: 7.5EPSS: 68%CPEs: 9EXPL: 1CVE-2005-1980 – Microsoft Windows - DTC Remote (MS05-051)
https://notcve.org/view.php?id=CVE-2005-1980
11 Oct 2005 — Distributed Transaction Controller in Microsoft Windows allows remote servers to cause a denial of service (MSDTC service hang) via a crafted Transaction Internet Protocol (TIP) message that causes DTC to repeatedly connect to a target IP and port number after an error occurs, aka the "Distributed TIP Vulnerability." Remote exploitation of a denial of service vulnerability within various versions of Microsoft Corp.'s Windows operating system allows attackers to flood systems with connection attempts from le... • https://www.exploit-db.com/exploits/1352 •
CVSS: 9.1EPSS: 58%CPEs: 9EXPL: 2CVE-2005-2119 – Microsoft Windows - DTC Remote (MS05-051)
https://notcve.org/view.php?id=CVE-2005-2119
11 Oct 2005 — The MIDL_user_allocate function in the Microsoft Distributed Transaction Coordinator (MSDTC) proxy (MSDTCPRX.DLL) allocates a 4K page of memory regardless of the required size, which allows attackers to overwrite arbitrary memory locations using an incorrect size value that is provided to the NdrAllocate function, which writes management data to memory outside of the allocated buffer. Microsoft has released updates that address critical vulnerabilities in Windows, Internet Explorer, and Exchange Server. Exp... • https://www.exploit-db.com/exploits/1352 •
CVSS: 7.8EPSS: 44%CPEs: 9EXPL: 1CVE-2005-1978 – Microsoft Windows - DTC Remote (MS05-051)
https://notcve.org/view.php?id=CVE-2005-1978
11 Oct 2005 — COM+ in Microsoft Windows does not properly "create and use memory structures," which allows local users or remote attackers to execute arbitrary code. Microsoft has released updates that address critical vulnerabilities in Windows, Internet Explorer, and Exchange Server. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on an affected system. • https://www.exploit-db.com/exploits/1352 •