31 results (0.023 seconds)

CVSS: 5.8EPSS: 39%CPEs: 21EXPL: 0

The Web Proxy Auto-Discovery (WPAD) feature in Microsoft Internet Explorer 6 and 7, when a primary DNS suffix with three or more components is configured, resolves an unqualified wpad hostname in a second-level domain outside this configured DNS domain, which allows remote WPAD servers to conduct man-in-the-middle (MITM) attacks. La característica Web Proxy Auto-Discovery en Microsoft Internet Explorer 6 y 7, cuando un sufijo de DNS primario con tres o más componentes es configurado, resuelve nombre de host wpad no cualificado en un dominio de segundo nivel fuera de este dominio configurado en el DNS, lo cual permite a servidores WPAD llevar a cabo ataques de hombre en el medio (MITM, man-in-the-middle). • http://secunia.com/advisories/27901 http://support.microsoft.com/kb/945713 http://www.microsoft.com/technet/security/advisory/945713.mspx http://www.securityfocus.com/bid/26686 http://www.securitytracker.com/id?1019033 http://www.vupen.com/english/advisories/2007/4064 •

CVSS: 7.5EPSS: 66%CPEs: 3EXPL: 0

The default configuration of Microsoft Windows uses the Web Proxy Autodiscovery Protocol (WPAD) without static WPAD entries, which might allow remote attackers to intercept web traffic by registering a proxy server using WINS or DNS, then responding to WPAD requests, as demonstrated using Internet Explorer. NOTE: it could be argued that if an attacker already has control over WINS/DNS, then web traffic could already be intercepted by modifying WINS or DNS records, so this would not cross privilege boundaries and would not be a vulnerability. It has also been reported that DHCP is an alternate attack vector. La configuración predeterminada de Microsoft Windows usa el Web Proxy Autodiscovery Protocol (WPAD) sin entradas WPAD estáticas, lo que podría permitir a atacantes remotos interceptar el tráfico web mediante el registro de un servidor proxy usando WINS o DNS y, a continuación, responder a peticiones WPAD, como es demostrado por Internet Explorer. NOTA: se podría argumentar que si un atacante ya tiene control sobre WINS/DNS, entonces el tráfico web ya podría ser interceptado mediante la modificación de registros WINS o DNS, por lo que esto no cruzaría los límites de privilegios y no sería una vulnerabilidad. • http://archives.neohapsis.com/archives/isn/2007-q1/0418.html http://isc.sans.org/diary.html?storyid=2517 http://news.com.com/Windows+weakness+can+lead+to+network+traffic+hijacks/2100-1002_3-6170229.html http://support.microsoft.com/kb/934864 http://www.vupen.com/english/advisories/2007/1115 https://exchange.xforce.ibmcloud.com/vulnerabilities/33244 • CWE-16: Configuration •

CVSS: 9.3EPSS: 62%CPEs: 6EXPL: 0

The MFC component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 and Visual Studio .NET 2000, 2002 SP1, 2003, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption. NOTE: this might be due to a stack-based buffer overflow in the AfxOleSetEditMenu function in MFC42u.dll. El componente MFC en Microsoft Windows 2000 SP4, XP SP2 y 2003 SP1 y Visual Studio .NET 2000, 2002 SP1, 2003 y 2003 SP1 permite a atacantes remotos asistidos por usuario ejecutar código arbitrario a través de un archivo RTF con un objeto OLE mal formado que desencadena corrupción de memoria. NOTA: esto podría ser debido a un desbordamiento de buffer basado en pila en la función AfxOleSetEditMenu en MFC42u.dll. • http://secunia.com/advisories/24150 http://www.kb.cert.org/vuls/id/932041 http://www.osvdb.org/31887 http://www.securityfocus.com/bid/22476 http://www.securitytracker.com/id?1017638 http://www.us-cert.gov/cas/techalerts/TA07-044A.html http://www.vupen.com/english/advisories/2007/0581 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-012 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A157 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.3EPSS: 73%CPEs: 8EXPL: 0

The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2 and Professional, 2003 SP1 allows remote attackers to execute arbitrary code via unspecified functions, related to uninitialized parameters. El control HTML Help ActiveX (Hhctrl.ocx) en Microsoft Windows 2000 SP3, XP SP2 y Professional, 2003 SP1 permite a atacantes remotos ejecutar código de su elección mediante funciones no especificadas, relacionado con parámetros no inicializados. • http://secunia.com/advisories/24136 http://www.kb.cert.org/vuls/id/563756 http://www.osvdb.org/31884 http://www.securityfocus.com/bid/22478 http://www.securitytracker.com/id?1017635 http://www.us-cert.gov/cas/techalerts/TA07-044A.html http://www.vupen.com/english/advisories/2007/0577 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-008 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A125 •

CVSS: 10.0EPSS: 86%CPEs: 3EXPL: 0

Buffer overflow in the SNMP Service in Microsoft Windows 2000 SP4, XP SP2, Server 2003, Server 2003 SP1, and possibly other versions allows remote attackers to execute arbitrary code via a crafted SNMP packet, aka "SNMP Memory Corruption Vulnerability." Desbordamiento de búfer en el SNMP Service de Microsoft Windows 2000 SP4, XP SP2, Server 2003, Server 2003 SP1 y, posiblemente, otras versiones, permite a atacantes remotos ejecutar código de su elección a través de paquetes SNMP modificados, también conocido como "Vulnerabilidad de corrupción de memoria SNMP". • http://secunia.com/advisories/23307 http://securitytracker.com/id?1017371 http://www.kb.cert.org/vuls/id/901584 http://www.securityfocus.com/archive/1/454969/100/200/threaded http://www.securityfocus.com/bid/21537 http://www.us-cert.gov/cas/techalerts/TA06-346A.html http://www.vupen.com/english/advisories/2006/4967 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-074 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3A •