CVSS: 10.0EPSS: 51%CPEs: 51EXPL: 0CVE-2004-0901
https://notcve.org/view.php?id=CVE-2004-0901
Microsoft Word for Windows 6.0 Converter (MSWRD632.WPC), as used in WordPad, does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Font Conversion Vulnerability," a different vulnerability than CVE-2004-0571. El Convertidor de Microsoft Word para Windows 6.0 no valida adecuadamente ciertas longitudes de datos, lo que permite a atacantes remotos ejecutar código de su elección mediante ficheros .wri, .rtf y .doc enviados por correo electrónico o sitios web maliciosos, también llamada "Vulnerabilidad de conversión de fuentes". • http://www.ciac.org/ciac/bulletins/p-055.shtml http://www.idefense.com/application/poi/display?id=162&type=vulnerabilities&flashstatus=true https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-041 https://exchange.xforce.ibmcloud.com/vulnerabilities/18338 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1241 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1655 https://oval.cisecurity.org/repository/search/def •
CVSS: 5.0EPSS: 7%CPEs: 27EXPL: 2CVE-2004-1319
https://notcve.org/view.php?id=CVE-2004-1319
The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by "AbusiveParent" in Internet Explorer 6.0.2900.2180. • http://archives.neohapsis.com/archives/bugtraq/2004-12/0167.html http://freehost07.websamba.com/greyhats/abusiveparent-discussion.htm http://secunia.com/advisories/13482 http://www.kb.cert.org/vuls/id/356600 http://www.securityfocus.com/bid/11950 http://www.us-cert.gov/cas/techalerts/TA05-039A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-013 https://exchange.xforce.ibmcloud.com/vulnerabilities/18504 https://oval.cisecurity.org/repository/search/definitio •
CVSS: 10.0EPSS: 15%CPEs: 51EXPL: 0CVE-2004-0571
https://notcve.org/view.php?id=CVE-2004-0571
Microsoft Word for Windows 6.0 Converter does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Table Conversion Vulnerability," a different vulnerability than CVE-2004-0901. El Convertidor de Microsoft Word para Windows 6.0 no valida adecuadamente ciertas longitudes de datos, lo que permite a atacantes remotos ejecutar código arbitrario mediante ficheros .wri, .rtf y .doc enviado por correo electrónico o un sitio web malicioso, también conocida como "Vulnerabilidad de conversión de tabla". • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-041 https://exchange.xforce.ibmcloud.com/vulnerabilities/18337 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1168 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1417 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1959 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1976 https://ov •
CVSS: 10.0EPSS: 7%CPEs: 22EXPL: 0CVE-2004-0978
https://notcve.org/view.php?id=CVE-2004-0978
Heap-based buffer overflow in the Hrtbeat.ocx (Heartbeat) ActiveX control for Internet Explorer 5.01 through 6, when users who visit online gaming sites that are associated with MSN, allows remote attackers to execute arbitrary code via the SetupData parameter. • http://marc.info/?l=bugtraq&m=110616221411579&w=2 http://www.kb.cert.org/vuls/id/673134 http://www.ngssoftware.com/advisories/heartbeatfull.txt http://www.securityfocus.com/bid/11367 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038 https://exchange.xforce.ibmcloud.com/vulnerabilities/17714 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 96%CPEs: 5EXPL: 1CVE-2004-0214 – Microsoft Windows XP/2000/NT 4.0 - Shell Long Share Name Buffer Overrun
https://notcve.org/view.php?id=CVE-2004-0214
Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba. Desbordamiento de búfer en Microsoft Internet Explorer y Explorador de Windows XP SP1, 2000, 98 y Me puede permitir a usuarios remotos maliciosos causar una denegación de servicio (caída de aplicación) y posiblemente ejecutar código de su elección mediante nombres de recursos compartidos largos, como se ha demostrado usando Samba. • https://www.exploit-db.com/exploits/24051 http://seclists.org/lists/bugtraq/2004/Apr/0322.html http://seclists.org/lists/fulldisclosure/2004/Apr/0933.html http://secunia.com/advisories/11482 http://securitytracker.com/id?1011647 http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B322857 http://www.kb.cert.org/vuls/id/616200 http://www.osvdb.org/5687 http://www.securiteam.com/windowsntfocus/5JP0M1PCKI.html http://www.securityfocus.com/bid/10213 https://docs.m •