CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2005-0545
https://notcve.org/view.php?id=CVE-2005-0545
Microsoft Windows XP Pro SP2 and Windows 2000 Server SP4 running Active Directory allow local users to bypass group policies that restrict access to hidden drives by using the browse feature in Office 10 applications such as Word or Excel, or using a flash drive. NOTE: this issue has been disputed in a followup post. • http://marc.info/?l=bugtraq&m=110935549821930&w=2 http://www.securityfocus.com/archive/1/391332 http://www.securityfocus.com/bid/12641 •
CVSS: 7.5EPSS: 88%CPEs: 55EXPL: 3CVE-2005-0416 – Microsoft Internet Explorer - '.ANI' Downloader (MS05-002)
https://notcve.org/view.php?id=CVE-2005-0416
The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allows remote attackers to execute arbitrary code via the AnimationHeaderBlock length field, which leads to a stack-based buffer overflow. La capacidad de Cursor Animado de Windows (archivos .ANI) de Windows NT, Windows 2000 hasta SP4, Windows XP hasta SP1, y Windows 2003 permite a atacantes remotos ejecutar código de su elección mediante el campo de longitud AnimationHeaderBlock, lo que conduce a un desbordamiento de búfer basado en la pila. • https://www.exploit-db.com/exploits/771 https://www.exploit-db.com/exploits/765 http://eeye.com/html/research/advisories/AD20050111.html http://marc.info/?l=bugtraq&m=110547079218397&w=2 http://marc.info/?l=bugtraq&m=110556975827760&w=2 http://www.securityfocus.com/bid/12233 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-002 https://exchange.xforce.ibmcloud.com/vulnerabilities/18879 •
CVSS: 7.5EPSS: 96%CPEs: 49EXPL: 1CVE-2005-0045 – Microsoft Windows - 'SMB' Transaction Response Handling (MS05-011)
https://notcve.org/view.php?id=CVE-2005-0045
The Server Message Block (SMB) implementation for Windows NT 4.0, 2000, XP, and Server 2003 does not properly validate certain SMB packets, which allows remote attackers to execute arbitrary code via Transaction responses containing (1) Trans or (2) Trans2 commands, aka the "Server Message Block Vulnerability," and as demonstrated using Trans2 FIND_FIRST2 responses with large file name length fields. • https://www.exploit-db.com/exploits/1065 http://marc.info/?l=bugtraq&m=110792638401852&w=2 http://marc.info/?l=bugtraq&m=111040962600205&w=2 http://marc.info/?l=ntbugtraq&m=110795643831169&w=2 http://www.kb.cert.org/vuls/id/652537 http://www.securityfocus.com/bid/12484 http://www.us-cert.gov/cas/techalerts/TA05-039A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-011 https://exchange.xforce.ibmcloud.com/vulnerabilities/19089 https& •
CVSS: 7.5EPSS: 87%CPEs: 35EXPL: 2CVE-2005-0053 – Microsoft Internet Explorer 5.x - Valid File Drag and Drop Embedded Code (MS04-038)
https://notcve.org/view.php?id=CVE-2005-0053
Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability." Internet Explorer 5.01, 5.5 y 6 permite a los atacantes remotos ejecutar código arbitrario mediante eventos de arrastrar y soltar, también conocidos como "Vulnerabilidad de arrastrar y soltar". • https://www.exploit-db.com/exploits/24693 http://www.kb.cert.org/vuls/id/698835 http://www.securityfocus.com/bid/11466 http://www.us-cert.gov/cas/techalerts/TA05-039A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-008 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-014 https://exchange.xforce.ibmcloud.com/vulnerabilities/19117 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1015 https&# •
CVSS: 10.0EPSS: 94%CPEs: 37EXPL: 0CVE-2005-0050
https://notcve.org/view.php?id=CVE-2005-0050
The License Logging service for Windows NT Server, Windows 2000 Server, and Windows Server 2003 does not properly validate the length of messages, which leads to an "unchecked buffer" and allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, aka the "License Logging Service Vulnerability." • http://www.kb.cert.org/vuls/id/130433 http://www.us-cert.gov/cas/techalerts/TA05-039A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-010 https://exchange.xforce.ibmcloud.com/vulnerabilities/19101 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2568 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3582 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A47 • CWE-20: Improper Input Validation •