Page 7 of 71 results (0.062 seconds)

CVSS: 6.6EPSS: 0%CPEs: 14EXPL: 3

CVE-2007-1212 – Microsoft Windows - GDI Privilege Escalation (MS07-017)

https://notcve.org/view.php?id=CVE-2007-1212

Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local users to gain privileges via a crafted Enhanced Metafile (EMF) image format file. Desbordamiento de búfer en el Graphics Device Interface (GDI) en Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, y SP2; y Vista permite a usuarios locales ganar privilegios a través de archivos de imágenes con formato Enhanced Metafile(EMF). • https://www.exploit-db.com/exploits/3688 https://www.exploit-db.com/exploits/3755 https://www.exploit-db.com/exploits/3804 http://www.securityfocus.com/archive/1/466186/100/200/threaded http://www.securityfocus.com/bid/23278 http://www.securitytracker.com/id?1017844 http://www.vupen.com/english/advisories/2007/1215 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-017 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef •

CVSS: 7.1EPSS: 8%CPEs: 12EXPL: 3

CVE-2007-1211 – Microsoft Windows - GDI Privilege Escalation (MS07-017)

https://notcve.org/view.php?id=CVE-2007-1211

Unspecified kernel GDI functions in Microsoft Windows 2000 SP4; XP SP2; and Server 2003 Gold, SP1, and SP2 allows user-assisted remote attackers to cause a denial of service (possibly persistent restart) via a crafted Windows Metafile (WMF) image that causes an invalid dereference of an offset in a kernel structure, a related issue to CVE-2005-4560. Funciones GDI no especificadas del kernel en Microsoft Windows 2000 SP4; XP SP2; y Server 2003 Gold, SP1 y SP2, permiten a los atacantes remotos asistidos por el usuario causar una denegación de servicio (reinicio posiblemente persistente) por medio de una imagen de Windows Metafile (WMF) creada que causa una desreferencia no válida de un desplazamiento (offset) en una estructura del kernel, un problema relacionado al CVE-2005-4560. • https://www.exploit-db.com/exploits/3688 https://www.exploit-db.com/exploits/3755 https://www.exploit-db.com/exploits/3804 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=499 http://www.securityfocus.com/archive/1/466186/100/200/threaded http://www.securityfocus.com/bid/23275 http://www.securitytracker.com/id?1017843 http://www.vupen.com/english/advisories/2007/1215 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-017 https:/&#x • CWE-399: Resource Management Errors •

CVSS: 7.2EPSS: 0%CPEs: 14EXPL: 3

CVE-2007-1215 – Microsoft Windows - GDI Privilege Escalation (MS07-017)

https://notcve.org/view.php?id=CVE-2007-1215

Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local users to gain privileges via certain "color-related parameters" in crafted images. Desbordamiento de búfer en el Graphics Device Interface (GDI) del Microsoft Windows 2000 SP4, XP SP2, Server 2003 Gold, SP1, y SP2 y en el Vista permite a usuarios locales obtener privilegios mediante ciertos "parámetros de colores relacionados" en imágenes manipuladas. • https://www.exploit-db.com/exploits/3688 https://www.exploit-db.com/exploits/3755 https://www.exploit-db.com/exploits/3804 http://www.securityfocus.com/archive/1/466186/100/200/threaded http://www.securityfocus.com/bid/23273 http://www.securitytracker.com/id?1017847 http://www.vupen.com/english/advisories/2007/1215 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-017 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef •

CVSS: 9.3EPSS: 34%CPEs: 14EXPL: 16

CVE-2007-0038 – Microsoft Windows Explorer - '.ANI' File Denial of Service

https://notcve.org/view.php?id=CVE-2007-0038

Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) anih block of a RIFF .ANI, cur, or .ico file, which results in memory corruption when processing cursors, animated cursors, and icons, a variant of CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this might be a duplicate of CVE-2007-1765; if so, then CVE-2007-0038 should be preferred. Un desbordamiento de búfer en la región stack de la memoria en el código de cursor animado en Microsoft Windows 2000 SP4 hasta Vista, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (reinicio persistente) por medio de un valor de gran longitud en el segundo bloque anih (o posterior) de un archivo RIFF .ANI, cur o .ico, lo que resulta en una corrupción de memoria cuando se procesan cursores, cursores animados e iconos, una variante de CVE-2005-0416, como es demostrado originalmente usando Internet Explorer versiones 6 y 7. NOTA: esto podría ser un duplicado de CVE-2007-1765; si es así, entonces CVE-2007-0038 debe ser preferido. • https://www.exploit-db.com/exploits/3684 https://www.exploit-db.com/exploits/3647 https://www.exploit-db.com/exploits/3695 https://www.exploit-db.com/exploits/3652 https://www.exploit-db.com/exploits/3617 https://www.exploit-db.com/exploits/3688 https://www.exploit-db.com/exploits/3755 https://www.exploit-db.com/exploits/3804 https://www.exploit-db.com/exploits/3636 https://www.exploit-db.com/exploits/3651 https://www.exploit-db.com/exploits/4045 https: • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 1%CPEs: 8EXPL: 0

CVE-2007-1512

https://notcve.org/view.php?id=CVE-2007-1512

Stack-based buffer overflow in the AfxOleSetEditMenu function in the MFC component in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 Gold and SP1, and Visual Studio .NET 2002 Gold and SP1, and 2003 Gold and SP1 allows user-assisted remote attackers to have an unknown impact (probably crash) via an RTF file with a malformed OLE object, which results in writing two 0x00 characters past the end of szBuffer, aka the "MFC42u.dll Off-by-Two Overflow." NOTE: this issue is due to an incomplete patch (MS07-012) for CVE-2007-0025. Desbordamiento de búfer basado en pila en la función AfxOleSetEditMenu en el componente MFC de Microsoft Windows 2000 SP4, XP SP2, y Server 2003 Gold y SP1, y Visual Studio .NET 2002 Gold y SP1, y 2003 Gold y SP1 permite a atacantes remotos con la complicidad del usuario tener un impacto desconocido (posiblemente caída) mediante un fichero RTF con un objeto OLE mal formado, lo cual resulta en la escritura de 2 caracteres 0x00 pasado el final de szBuffer, también conocido como "MFC42u.dll Off-by-Two Overflow". NOTA: este asunto es debido a un parche incompleto (MS07-012) para CVE-2007-0025. • http://www.securityfocus.com/archive/1/463009/100/0/threaded •