CVSS: 9.3EPSS: 63%CPEs: 9EXPL: 0CVE-2008-1092
https://notcve.org/view.php?id=CVE-2008-1092
25 Mar 2008 — Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft Jet Database Engine allows remote attackers to execute arbitrary code via a crafted Word file, as exploited in the wild in March 2008. NOTE: as of 20080513, Microsoft has stated that this is the same issue as CVE-2007-6026. Un desbordamiento de búfer en la biblioteca msjet40.dll anterior a la versión 4.0.9505.0 en el Motor de Base de datos de Microsoft Jet permite a los atacantes remotos ejecutar código arbitrario por medio de un archivo de Word ... • http://marc.info/?l=bugtraq&m=121129490723574&w=2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 45%CPEs: 8EXPL: 0CVE-2007-1201
https://notcve.org/view.php?id=CVE-2007-1201
11 Mar 2008 — Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via vectors related to DataSource that trigger memory corruption, aka "Office Web Components DataSource Vulnerability." Vulnerabilidad no especificada en determinados objetos COM de Microsoft Office Web Components 2000 permite a atacantes remotos con la complicidad del usuario ejecutar códigode su elección mediante vectores relativos a DataSource que dispar... • http://marc.info/?l=bugtraq&m=120585858807305&w=2 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 68%CPEs: 8EXPL: 0CVE-2008-0080
https://notcve.org/view.php?id=CVE-2008-0080
12 Feb 2008 — Heap-based buffer overflow in the WebDAV Mini-Redirector in Microsoft Windows XP SP2, Server 2003 SP1 and SP2, and Vista allows remote attackers to execute arbitrary code via a crafted WebDAV response. Desbordamiento de búfer basado en montículo en el WebDAV Mini-Redirector de Microsoft Windows XP SP2, Server 2003 SP1 y SP2 y Vista permite a atacantes remotos ejecutar código de su elección mediante una respuesta WebDAV manipulada. • http://marc.info/?l=bugtraq&m=120361015026386&w=2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 30%CPEs: 11EXPL: 0CVE-2007-0066
https://notcve.org/view.php?id=CVE-2007-0066
08 Jan 2008 — The kernel in Microsoft Windows 2000 SP4, XP SP2, and Server 2003, when ICMP Router Discovery Protocol (RDP) is enabled, allows remote attackers to cause a denial of service via fragmented router advertisement ICMP packets that trigger an out-of-bounds read, aka "Windows Kernel TCP/IP/ICMP Vulnerability." El kernel de Microsoft Windows 2000 SP4, XP SP2 y Server 2003, cuando se habilita el protocolo de detección de enrutador ICMP (RDP), permite a los atacantes remotos provocar una denegación de servicio medi... • http://blogs.technet.com/swi/archive/2008/01/08/ms08-001-part-2-the-case-of-the-moderate-icmp-mitigations.aspx •
CVSS: 9.3EPSS: 69%CPEs: 6EXPL: 1CVE-2007-6026 – Microsoft Jet Engine - '.MDB' File Parsing Stack Overflow
https://notcve.org/view.php?id=CVE-2007-6026
20 Nov 2007 — Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a crafted MDB file database file containing a column structure with a modified column count. NOTE: this might be the same issue as CVE-2005-0944. Un desbordamiento del búfer en la región stack de la memoria en Microsoft msjet40.dll versión 4.0.8618.0 (también se conoce como Microsoft Jet Engine), como es ... • https://www.exploit-db.com/exploits/4625 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 70%CPEs: 26EXPL: 1CVE-2007-2223 – Microsoft Internet Explorer substringData Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2007-2223
14 Aug 2007 — Microsoft XML Core Services (MSXML) 3.0 through 6.0 allows remote attackers to execute arbitrary code via the substringData method on a (1) TextNode or (2) XMLDOM object, which causes an integer overflow that leads to a buffer overflow. Microsoft XML Core Services (MSXML) versión 3.0 hasta 6.0 permite a los atacantes remotos ejecutar código arbitrario por medio del método substringData en un objeto (1) TextNode o (2) XMLDOM, lo que provoca un desbordamiento de enteros que conduce a un desbordamiento de búfe... • https://www.exploit-db.com/exploits/30493 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 36%CPEs: 4EXPL: 0CVE-2007-0039
https://notcve.org/view.php?id=CVE-2007-0039
08 May 2007 — The Exchange Collaboration Data Objects (EXCDO) functionality in Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 allows remote attackers to cause a denial of service (crash) via an Internet Calendar (iCal) file containing multiple X-MICROSOFT-CDO-MODPROPS (MODPROPS) properties in which the second MODPROPS is longer than the first, which triggers a NULL pointer dereference and an unhandled exception. La funcionalidad Exchange Collaboration Data Objects (EXCDO) en Microsoft Exchange Server 2000... • http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063232.html • CWE-476: NULL Pointer Dereference •
CVSS: 10.0EPSS: 79%CPEs: 4EXPL: 2CVE-2007-0213 – Microsoft Exchange 2003 - base64-MIME Remote Code Execution
https://notcve.org/view.php?id=CVE-2007-0213
08 May 2007 — Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does not properly decode certain MIME encoded e-mails, which allows remote attackers to execute arbitrary code via a crafted base64-encoded MIME e-mail message. Microsoft Exchange Server 2000 SP3, 2003 SP1 y SP2, y 2007 no decodifica apropiadamente correos electrónicos concretos con codificación MIME, lo cual permite a atacantes remotos ejecutar código de su elección mediante un mensaje de correo electrónico manipulado con codificación base64 MI... • https://packetstorm.news/files/id/153533 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 35%CPEs: 3EXPL: 0CVE-2007-0220
https://notcve.org/view.php?id=CVE-2007-0220
08 May 2007 — Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2000 SP3, and 2003 SP1 and SP2 allows remote attackers to execute arbitrary scripts, spoof content, or obtain sensitive information via certain UTF-encoded, script-based e-mail attachments, involving an "incorrectly handled UTF character set label". Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Outlook Web Access (OWA) de Microsoft Exchange Server 2000 SP3, y 2003 SP1 y SP2 permite a atac... • http://secunia.com/advisories/25183 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 25%CPEs: 8EXPL: 0CVE-2007-1512
https://notcve.org/view.php?id=CVE-2007-1512
20 Mar 2007 — Stack-based buffer overflow in the AfxOleSetEditMenu function in the MFC component in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 Gold and SP1, and Visual Studio .NET 2002 Gold and SP1, and 2003 Gold and SP1 allows user-assisted remote attackers to have an unknown impact (probably crash) via an RTF file with a malformed OLE object, which results in writing two 0x00 characters past the end of szBuffer, aka the "MFC42u.dll Off-by-Two Overflow." NOTE: this issue is due to an incomplete patch (MS07-012)... • http://www.securityfocus.com/archive/1/463009/100/0/threaded •