CVSS: 9.3EPSS: 95%CPEs: 23EXPL: 0CVE-2011-0029
https://notcve.org/view.php?id=CVE-2011-0029
Untrusted search path vulnerability in the client in Microsoft Remote Desktop Connection 5.2, 6.0, 6.1, and 7.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .rdp file, aka "Remote Desktop Insecure Library Loading Vulnerability." Vulnerabilidad de ruta de búsqueda no confiable en la conexión de Escritorio Remoto de Microsoft 5.2, 6.0, 6.1 y 7.0 permite a usuarios locales escalar privilegios a través de una DLL troyanizada en el directorio de trabajo actual, como se ha demostrado con un directorio que contiene un fichero .rdp. También conocido como "vulnerabilidad de carga de librerías inseguras en Remote Desktop". • http://osvdb.org/71014 http://secunia.com/advisories/43628 http://www.securitytracker.com/id?1025172 http://www.us-cert.gov/cas/techalerts/TA11-067A.html http://www.vupen.com/english/advisories/2011/0616 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-017 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12480 •
CVSS: 10.0EPSS: 94%CPEs: 6EXPL: 3CVE-2011-0654 – Microsoft Windows Server 2003 - AD BROWSER ELECTION Remote Heap Overflow
https://notcve.org/view.php?id=CVE-2011-0654
Integer underflow in the BowserWriteErrorLogEntry function in the Common Internet File System (CIFS) browser service in Mrxsmb.sys or bowser.sys in Active Directory in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a malformed BROWSER ELECTION message, leading to a heap-based buffer overflow, aka "Browser Pool Corruption Vulnerability." NOTE: some of these details are obtained from third party information. Subdesbordamiento de enteros en la función BowserWriteErrorLogEntry del servicio de navegador Common Internet File System (CIFS) en los archivos Mrxsmb.sys o Bowser.sys en Active Directory en Microsoft Windows XP versiones SP2 y SP3, Windows Server 2003 SP2, Windows Vista versiones SP1 y SP2, Windows Server 2008 versiones Gold, SP2, R2 y R2 SP1, y Windows 7 versiones Gold y SP1 permiten a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (bloqueo de sistema) por medio de un mensaje malformado de BROWSER ELECTION, lo que conlleva a un desbordamiento del búfer en la región heap de la memoria, también se conoce como "Browser Pool Corruption Vulnerability" Nota: algunos de estos detalles se obtienen de información de terceros. • https://www.exploit-db.com/exploits/16166 http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0284.html http://blogs.technet.com/b/mmpc/archive/2011/02/16/my-sweet-valentine-the-cifs-browser-protocol-heap-corruption-vulnerability.aspx http://blogs.technet.com/b/srd/archive/2011/02/16/notes-on-exploitability-of-the-recent-windows-browser-protocol-issue.aspx http://secunia.com/advisories/43299 http://www.exploit-db.com/exploits/16166 http://www.kb.cert.org/vuls/id/323172 htt • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 18%CPEs: 18EXPL: 0CVE-2011-0033
https://notcve.org/view.php?id=CVE-2011-0033
The OpenType Compact Font Format (CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate parameter values in OpenType fonts, which allows remote attackers to execute arbitrary code via a crafted font, aka "OpenType Font Encoded Character Vulnerability." El controlador OpenType Compact Font Format (CFF) en Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP1 y SP2, Windows Server 2008 Gold, SP2, y R2, y Windows 7 no valida de forma adecuada los valores en fuentes OpenType, lo que permite a atacantes remotos a ejecutar código arbitrario a través de una fuente manipulada, también conocido como "OpenType Font Encoded Character Vulnerability" • http://osvdb.org/70821 http://secunia.com/advisories/43252 http://support.avaya.com/css/P8/documents/100127239 http://www.securityfocus.com/bid/46106 http://www.securitytracker.com/id?1025034 http://www.vupen.com/english/advisories/2011/0320 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-007 https://exchange.xforce.ibmcloud.com/vulnerabilities/64906 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11593 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 86%CPEs: 40EXPL: 0CVE-2011-0035
https://notcve.org/view.php?id=CVE-2011-0035
Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2010-2556 and CVE-2011-0036. Microsoft Internet Explorer 6, 7, y 8 no maneja adecuadamente objetos en memoria, lo que permite que atacantes remotos ejecuten código de su elección accediendo al objeto que (1) no fue actualizado adecuadamente o (2) es borrado, permitiendo una corrupción de memoria, también conocido como "Uninitialized Memory Corruption Vulnerability," una vulnerabilidad diferente a CVE-2010-2556 y CVE-2011-0036. • http://osvdb.org/70831 http://support.avaya.com/css/P8/documents/100127294 http://www.securityfocus.com/bid/46157 http://www.securitytracker.com/id?1025038 http://www.vupen.com/english/advisories/2011/0318 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-003 https://exchange.xforce.ibmcloud.com/vulnerabilities/64911 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12371 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 0CVE-2011-0043
https://notcve.org/view.php?id=CVE-2011-0043
Kerberos in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 supports weak hashing algorithms, which allows local users to gain privileges by operating a service that sends crafted service tickets, as demonstrated by the CRC32 algorithm, aka "Kerberos Unkeyed Checksum Vulnerability." Kerberos en Microsoft Windows XP SP2 y SP3 y Server 2003 SP2 admite algoritmos hash débiles, lo que permite a usuarios locales conseguir privilegios, operando un servicio que envía tickets de servicio manipulados, como lo demuestra el algoritmo CRC32 ,también conocido como "Vulnerabilidad de Checksum en la clave Kerberos." • http://osvdb.org/70834 http://secunia.com/advisories/43251 http://support.avaya.com/css/P8/documents/100127250 http://www.securityfocus.com/bid/46130 http://www.securitytracker.com/id?1025048 http://www.vupen.com/english/advisories/2011/0326 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-013 https://exchange.xforce.ibmcloud.com/vulnerabilities/64900 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12432 • CWE-310: Cryptographic Issues •