CVSS: 7.1EPSS: 93%CPEs: 10EXPL: 0CVE-2008-1445
https://notcve.org/view.php?id=CVE-2008-1445
Active Directory on Microsoft Windows 2000 Server SP4, XP Professional SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to cause a denial of service (system hang or reboot) via a crafted LDAP request. Active Directory en Microsoft Windows 2000 Server SP4, XP Professional SP2 y SP3, Server 2003 SP1 y SP2, y Server 2008 permite a usuarios autenticados causar una denegación de servicio (caída del sistema o reinicio) a través de una petición LDAP manipulada. • http://secunia.com/advisories/30586 http://securitytracker.com/id?1020229 http://www.securityfocus.com/archive/1/493338/100/0/threaded http://www.securityfocus.com/archive/1/493342/100/0/threaded http://www.securityfocus.com/bid/29584 http://www.us-cert.gov/cas/techalerts/TA08-162B.html http://www.vupen.com/english/advisories/2008/1782 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-035 https://oval.cisecurity.org/repository/search/definition/oval% • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 91%CPEs: 20EXPL: 0CVE-2008-0011
https://notcve.org/view.php?id=CVE-2008-0011
Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a crafted MJPEG stream in a (1) AVI or (2) ASF file, aka the "MJPEG Decoder Vulnerability." Microsoft DirectX 8.1 a 9.0c, y DirectX en Microsoft XP SP2 y SP3, Server 2003 SP1 y SP2, Vista Gold y SP1, y Server 2008 no realiza adecuadamente la comprobación de errores MJPEG lo cual podría permitir a usuarios remotos ejecutar código de su elección a través de una cadena de datos MJPEG manipulada en un archivo (1) AVI o (2) ASF, también conocida como la "Vulnerabilidad del decodificador MJPEG" • http://marc.info/?l=bugtraq&m=121380194923597&w=2 http://secunia.com/advisories/30579 http://securitytracker.com/id?1020222 http://www.securityfocus.com/bid/29581 http://www.us-cert.gov/cas/techalerts/TA08-162B.html http://www.vupen.com/english/advisories/2008/1780 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-033 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5236 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.3EPSS: 0%CPEs: 5EXPL: 0CVE-2008-1453
https://notcve.org/view.php?id=CVE-2008-1453
The Bluetooth stack in Microsoft Windows XP SP2 and SP3, and Vista Gold and SP1, allows physically proximate attackers to execute arbitrary code via a large series of Service Discovery Protocol (SDP) packets. La pila Bluetooth en Microsoft Windows XP SP2 y SP3, y Vista Gold y SP1 permite a atacantes fisicamente próximos ejecutar código de su elección a través de una larga serie de paquetes Service Discovery Protocol (SDP). • http://secunia.com/advisories/30051 http://securitytracker.com/id?1020221 http://www.securityfocus.com/bid/29522 http://www.us-cert.gov/cas/techalerts/TA08-162B.html http://www.vupen.com/english/advisories/2008/1777 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-030 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4730 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 88%CPEs: 20EXPL: 0CVE-2008-1444 – Microsoft DirectX SAMI File Format Name Parsing Stack Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2008-1444
Stack-based buffer overflow in Microsoft DirectX 7.0 and 8.1 on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a Synchronized Accessible Media Interchange (SAMI) file with crafted parameters for a Class Name variable, aka the "SAMI Format Parsing Vulnerability." Desbordamiento de búfer basado en pila en Microsoft DirectX 7.0 y 8.1 o en Windows 2000 SP4 permite a atacantes remotos ejecutar código de su elección a través de un archivo Synchronized Accessible Media Interchange (SAMI) con parámetros manipulados para una variable Class Name, también conocida como la "Vulnerabilidad SAMI Format Parsing" This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the parsing of SAMI files. When handling the properties of a "Class Name" variable a lack of bounds checking can result in a stack overflow. Successful exploitation can lead to remote code execution under the credentials of the logged in user. • http://marc.info/?l=bugtraq&m=121380194923597&w=2 http://secunia.com/advisories/30579 http://securityreason.com/securityalert/3937 http://securitytracker.com/id?1020223 http://www.securityfocus.com/archive/1/493250/100/0/threaded http://www.securityfocus.com/bid/29578 http://www.us-cert.gov/cas/techalerts/TA08-162B.html http://www.vupen.com/english/advisories/2008/1780 http://www.zerodayinitiative.com/advisories/ZDI-08-040 https://docs.microsoft.com/en-us/security-updates&#x • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2008-2163
https://notcve.org/view.php?id=CVE-2008-2163
Cross-site scripting (XSS) vulnerability in IBM Lotus Quickr 8.1 before Hotfix 5 for Windows and AIX, and before Hotfix 3 for i5/OS, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to "WYSIWYG editors." Vulnerabilidad de Secuencias de comandos en sitios cruzados en IBM Lotus Quickr 8.1 versiones anteriores al Hotfix 5 para Windows y AIX, y anteriores al Hotfix 3 para i5/OS, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores desconocidos, relacionada con "editores WYSIWYG." • http://secunia.com/advisories/30204 http://www-01.ibm.com/support/docview.wss?uid=swg27013341 http://www-1.ibm.com/support/docview.wss?uid=swg24018711 http://www.securityfocus.com/bid/29175 http://www.vupen.com/english/advisories/2008/1502/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42360 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •