CVE-2007-0038 – Microsoft Windows Explorer - '.ANI' File Denial of Service
https://notcve.org/view.php?id=CVE-2007-0038
Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) anih block of a RIFF .ANI, cur, or .ico file, which results in memory corruption when processing cursors, animated cursors, and icons, a variant of CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this might be a duplicate of CVE-2007-1765; if so, then CVE-2007-0038 should be preferred. Un desbordamiento de búfer en la región stack de la memoria en el código de cursor animado en Microsoft Windows 2000 SP4 hasta Vista, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (reinicio persistente) por medio de un valor de gran longitud en el segundo bloque anih (o posterior) de un archivo RIFF .ANI, cur o .ico, lo que resulta en una corrupción de memoria cuando se procesan cursores, cursores animados e iconos, una variante de CVE-2005-0416, como es demostrado originalmente usando Internet Explorer versiones 6 y 7. NOTA: esto podría ser un duplicado de CVE-2007-1765; si es así, entonces CVE-2007-0038 debe ser preferido. • https://www.exploit-db.com/exploits/3684 https://www.exploit-db.com/exploits/3647 https://www.exploit-db.com/exploits/3695 https://www.exploit-db.com/exploits/3652 https://www.exploit-db.com/exploits/3617 https://www.exploit-db.com/exploits/3688 https://www.exploit-db.com/exploits/3755 https://www.exploit-db.com/exploits/3804 https://www.exploit-db.com/exploits/3636 https://www.exploit-db.com/exploits/3651 https://www.exploit-db.com/exploits/4045 https: • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2007-1537
https://notcve.org/view.php?id=CVE-2007-1537
\Device\NdisTapi (NDISTAPI.sys) in Microsoft Windows XP SP2 and 2003 SP1 uses weak permissions, which allows local users to write to the device and cause a denial of service, as demonstrated by using an IRQL to acquire a spinlock on paged memory via the NdisTapiDispatch function. \Device\NdisTapi (NDISTAPI.sys) en Microsoft Windows XP SP2 y 2003 SP1 utiliza permisos débiles, lo que permite a los usuarios locales escribir en el dispositivo y causar una denegación de servicio, como es demostrado por el uso de un IRQL para adquirir un spinlock en la memoria paginada por medio de la función NdisTapiDispatch. • http://secunia.com/advisories/24598 http://securityreason.com/securityalert/2471 http://www.osvdb.org/33628 http://www.reversemode.com/index.php?option=com_remository&Itemid=2&func=fileinfo&id=47 http://www.securityfocus.com/archive/1/463208/100/0/threaded http://www.securityfocus.com/bid/23025 http://www.vupen.com/english/advisories/2007/1031 https://exchange.xforce.ibmcloud.com/vulnerabilities/33086 •
CVE-2007-1512
https://notcve.org/view.php?id=CVE-2007-1512
Stack-based buffer overflow in the AfxOleSetEditMenu function in the MFC component in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 Gold and SP1, and Visual Studio .NET 2002 Gold and SP1, and 2003 Gold and SP1 allows user-assisted remote attackers to have an unknown impact (probably crash) via an RTF file with a malformed OLE object, which results in writing two 0x00 characters past the end of szBuffer, aka the "MFC42u.dll Off-by-Two Overflow." NOTE: this issue is due to an incomplete patch (MS07-012) for CVE-2007-0025. Desbordamiento de búfer basado en pila en la función AfxOleSetEditMenu en el componente MFC de Microsoft Windows 2000 SP4, XP SP2, y Server 2003 Gold y SP1, y Visual Studio .NET 2002 Gold y SP1, y 2003 Gold y SP1 permite a atacantes remotos con la complicidad del usuario tener un impacto desconocido (posiblemente caída) mediante un fichero RTF con un objeto OLE mal formado, lo cual resulta en la escritura de 2 caracteres 0x00 pasado el final de szBuffer, también conocido como "MFC42u.dll Off-by-Two Overflow". NOTA: este asunto es debido a un parche incompleto (MS07-012) para CVE-2007-0025. • http://www.securityfocus.com/archive/1/463009/100/0/threaded •
CVE-2007-0219
https://notcve.org/view.php?id=CVE-2007-0219
Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from (1) Msb1fren.dll, (2) Htmlmm.ocx, and (3) Blnmgrps.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2006-4697. Microsoft Internet Explorer 5.01, 6, y 7 utiliza ciertos objetos COM de (1) Msb1fren.dll, (2) Htmlmm.ocx, y (3) Blnmgrps.dll como controles ActiveX, lo cual permite a atacantes remotos ejecutar código de su elección mediante vectores no especificados, un vector diferente que CVE-2006-4697. • http://secunia.com/advisories/24156 http://www.kb.cert.org/vuls/id/771788 http://www.osvdb.org/31893 http://www.osvdb.org/31894 http://www.osvdb.org/31895 http://www.securityfocus.com/bid/22504 http://www.securitytracker.com/id?1017643 http://www.us-cert.gov/cas/techalerts/TA07-044A.html http://www.vupen.com/english/advisories/2007/0584 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-016 https://exchange.xforce.ibmcloud.com/vulnerab •
CVE-2006-4697
https://notcve.org/view.php?id=CVE-2006-4697
Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from Imjpcksid.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this issue might be related to CVE-2006-4193. Microsoft Internet Explorer 5.01, 6, y 7 utiliza ciertos objetos COM de Imjpcksid.dll como controles ActiveX, lo cual permite a atacantes remotos ejecutar código de su elección mediante vectores no especificados. NOTA: este asunto podría estar relacionado con CVE-2006-4193. • http://secunia.com/advisories/24156 http://www.kb.cert.org/vuls/id/753924 http://www.osvdb.org/31891 http://www.securityfocus.com/bid/22486 http://www.us-cert.gov/cas/techalerts/TA07-044A.html http://www.vupen.com/english/advisories/2007/0584 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-016 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1120 •