CVSS: 9.3EPSS: 73%CPEs: 8EXPL: 0CVE-2007-0214
https://notcve.org/view.php?id=CVE-2007-0214
The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2 and Professional, 2003 SP1 allows remote attackers to execute arbitrary code via unspecified functions, related to uninitialized parameters. El control HTML Help ActiveX (Hhctrl.ocx) en Microsoft Windows 2000 SP3, XP SP2 y Professional, 2003 SP1 permite a atacantes remotos ejecutar código de su elección mediante funciones no especificadas, relacionado con parámetros no inicializados. • http://secunia.com/advisories/24136 http://www.kb.cert.org/vuls/id/563756 http://www.osvdb.org/31884 http://www.securityfocus.com/bid/22478 http://www.securitytracker.com/id?1017635 http://www.us-cert.gov/cas/techalerts/TA07-044A.html http://www.vupen.com/english/advisories/2007/0577 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-008 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A125 •
CVSS: 9.3EPSS: 96%CPEs: 13EXPL: 2CVE-2007-0024 – Microsoft Internet Explorer - VML Download and Execute (MS07-004)
https://notcve.org/view.php?id=CVE-2007-0024
Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the "VML Buffer Overrun Vulnerability." Debordamiento de Entero en la implementación (vgx.dll) del Lenguaje de Marcas de Vectores (VML) en Microsoft Internet Explorer 5.01, 6, y 7 en Windows 2000 SP4, XP SP2, Server 2003, y Server 2003 SP1 permite a atacantes remotos ejecutar código de su elección mediante una página web manipulada que contiene propiedades no especificadas tipo entero que provocan insufiencte reserva de memoria y dispara un desbordamiento de búfer, también conocido como la "Vulnerabilidad de desbordamiento de búfer VML". • https://www.exploit-db.com/exploits/3148 https://www.exploit-db.com/exploits/3137 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=462 http://secunia.com/advisories/23677 http://securitytracker.com/id?1017489 http://support.avaya.com/elmodocs2/security/ASA-2007-009.htm http://support.microsoft.com/?kbid=929969 http://www.kb.cert.org/vuls/id/122084 http://www.osvdb.org/31250 http://www.securityfocus.com/archive/1/457053/100/0/threaded http://w •
CVSS: 6.9EPSS: 57%CPEs: 29EXPL: 2CVE-2006-6696 – Microsoft Windows - 'MessageBox' Memory Corruption Local Denial of Service
https://notcve.org/view.php?id=CVE-2006-6696
Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted data, which sends a HardError message to Client/Server Runtime Server Subsystem (CSRSS) process, which is not properly handled when invoking the UserHardError and GetHardErrorText functions in WINSRV.DLL. Vulnerabilidad de liberación de memoria doble en Microsoft Windows 2000, XP, 2003, y Vista, permite a usuarios locales obtener privilegios llamando a la función MessageBox con un mensaje MB_SERVICE_NOTIFICATION con datos manipulados, lo cual envía un mensaje HardError al proceso Subsistema de servidor en ejecución de Cliente/Servidor (CSSRSS), que no es gestionado apropiadamente cuando se invocan las funciones UserHardError y GetHardErrorText en WINSRV.DLL. • https://www.exploit-db.com/exploits/2967 https://www.exploit-db.com/exploits/3024 http://blogs.technet.com/msrc/archive/2006/12/22/new-report-of-a-windows-vulnerability.aspx http://groups.google.ca/group/microsoft.public.win32.programmer.kernel/browse_thread/thread/c5946bf40f227058/7bd7b5d66a4e5aff http://isc.sans.org/diary.php?n&storyid=1965 http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051394.html http://research.eeye.com/html/alerts/zeroday/20061215.html http://sec • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 56%CPEs: 3EXPL: 0CVE-2006-4689
https://notcve.org/view.php?id=CVE-2006-4689
Unspecified vulnerability in the driver for the Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to cause a denial of service (hang and reboot) via has unknown attack vectors, aka "NetWare Driver Denial of Service Vulnerability." Vulnerabilidad no especificada en el controlador para Client Service for NetWare (CSNW) en Microsoft Windows 2000 SP4, XP SP2, y Server 2003 hasta el SP1 permite a atacantes remotos provocar una denegación de servicio (cuelgue o reinicio) mediante vectores de ataque desconocidos, también conocido como "Vulnerabilidad de denegación de servicio del controlador NetWare". • http://secunia.com/advisories/22866 http://securitytracker.com/id?1017224 http://www.securityfocus.com/archive/1/451844/100/0/threaded http://www.securityfocus.com/bid/20984 http://www.us-cert.gov/cas/techalerts/TA06-318A.html http://www.vupen.com/english/advisories/2006/4504 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-066 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A413 •
CVSS: 7.5EPSS: 96%CPEs: 3EXPL: 2CVE-2006-4688 – Microsoft Services - 'nwapi32.dll' (MS06-066)
https://notcve.org/view.php?id=CVE-2006-4688
Buffer overflow in Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via crafted messages, aka "Client Service for NetWare Memory Corruption Vulnerability." Desbordamiento de búfer en Client Service for NetWare (CSNW) en Microsoft Windows 2000 SP4, XP SP2, y Server 2003 hasta el SP1 permite a atacantes remotos ejecutar código de su elección mediante mensajes artesanales, también conocido como "Vulnerabilidad de corrupción de memoria en Client Service for NetWare". • https://www.exploit-db.com/exploits/16373 https://www.exploit-db.com/exploits/16369 http://secunia.com/advisories/22866 http://securitytracker.com/id?1017224 http://www.securityfocus.com/archive/1/451844/100/0/threaded http://www.securityfocus.com/bid/21023 http://www.us-cert.gov/cas/techalerts/TA06-318A.html http://www.vupen.com/english/advisories/2006/4504 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-066 https://exchange.xforce.ibmcloud.c •