CVSS: 9.3EPSS: 18%CPEs: 11EXPL: 1CVE-2013-3174 – Microsoft DirectShow - Arbitrary Memory Overwrite (MS13-056)
https://notcve.org/view.php?id=CVE-2013-3174
10 Jul 2013 — DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted GIF file, aka "DirectShow Arbitrary Memory Overwrite Vulnerability." DirectShow en Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, y Windows Server 2012 permite a atacantes remotos l... • https://www.exploit-db.com/exploits/27050 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 37%CPEs: 13EXPL: 4CVE-2013-1300 – Microsoft Windows NtUserMessageCall Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2013-1300
10 Jul 2013 — win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Allocation Vulnerability." win32k.sys en controladores kernel-mode en Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server ... • https://packetstorm.news/files/id/126488 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.4EPSS: 0%CPEs: 13EXPL: 0CVE-2013-1340
https://notcve.org/view.php?id=CVE-2013-1340
10 Jul 2013 — win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Dereference Vulnerability." win32k.sys en controladores kernel-mode en Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 S... • http://www.us-cert.gov/ncas/alerts/TA13-190A • CWE-264: Permissions, Privileges, and Access Controls CWE-416: Use After Free •
CVSS: 7.8EPSS: 2%CPEs: 13EXPL: 0CVE-2013-1345 – Microsoft Windows win32k.sys Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2013-1345
10 Jul 2013 — win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Vulnerability." win32k.sys en los controladores kernel-mode en Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 y R2 ... • http://www.us-cert.gov/ncas/alerts/TA13-190A • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2013-3136
https://notcve.org/view.php?id=CVE-2013-3136
12 Jun 2013 — The kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly handle unspecified page-fault system calls, which allows local users to obtain sensitive information from kernel memory via a crafted application, aka "Kernel Information Disclosure Vulnerability." El kernel en Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1 y Windows 8 en p... • http://www.us-cert.gov/ncas/alerts/TA13-168A • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 67%CPEs: 10EXPL: 8CVE-2013-3660 – Microsoft Win32k Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2013-3660
24 May 2013 — The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does not properly initialize a pointer for the next object in a certain list, which allows local users to obtain write access to the PATHRECORD chain, and consequently gain privileges, by triggering excessive consumption of paged memory and then making many FlattenPa... • https://packetstorm.news/files/id/122246 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.9EPSS: 0%CPEs: 12EXPL: 4CVE-2013-3661 – Microsoft Windows - Win32k!EPATHOBJ::pprFlattenRec Uninitialized Next Pointer Testcase
https://notcve.org/view.php?id=CVE-2013-3661
24 May 2013 — The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not check whether linked-list traversal is continually accessing the same list member, which allows local users to cause a denial of service (infinite traversal) via vectors that trigger a crafted PATHRECORD chain. La función EPATHOBJ::bFlatten en win32k.sys en Microsoft Windows XP... • https://www.exploit-db.com/exploits/25611 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.3EPSS: 3%CPEs: 56EXPL: 0CVE-2013-0986 – Apple QuickTime enof Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-0986
23 May 2013 — Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted enof atoms in a movie file. Desbordamiento de búfer en Apple QuickTime antes de v7.7.4 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de átomos ENOF manipulados en un archivo de película. This vulnerability allows remote attackers to execute arbitrary code on vulnerable install... • http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 4%CPEs: 55EXPL: 0CVE-2013-0987 – Apple Security Advisory 2013-06-04-1
https://notcve.org/view.php?id=CVE-2013-0987
23 May 2013 — Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted QTIF file. Apple QuickTime antes de v7.7.4 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un archivo QTIF modificado. QuickTime 7.7.4 is now available and addresses multiple issues including buffer overflows and arbitrary code execution vulnerabilities. • http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 6%CPEs: 55EXPL: 0CVE-2013-0988 – Apple QuickTime FlashPix Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-0988
23 May 2013 — Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FPX file. Desbordamiento de búfer en Apple QuickTime antes de v7.7.4 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de un archivo FPX modificado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interact... • http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •