CVSS: 5.8EPSS: 19%CPEs: 21EXPL: 0CVE-2007-5355
https://notcve.org/view.php?id=CVE-2007-5355
The Web Proxy Auto-Discovery (WPAD) feature in Microsoft Internet Explorer 6 and 7, when a primary DNS suffix with three or more components is configured, resolves an unqualified wpad hostname in a second-level domain outside this configured DNS domain, which allows remote WPAD servers to conduct man-in-the-middle (MITM) attacks. La característica Web Proxy Auto-Discovery en Microsoft Internet Explorer 6 y 7, cuando un sufijo de DNS primario con tres o más componentes es configurado, resuelve nombre de host wpad no cualificado en un dominio de segundo nivel fuera de este dominio configurado en el DNS, lo cual permite a servidores WPAD llevar a cabo ataques de hombre en el medio (MITM, man-in-the-middle). • http://secunia.com/advisories/27901 http://support.microsoft.com/kb/945713 http://www.microsoft.com/technet/security/advisory/945713.mspx http://www.securityfocus.com/bid/26686 http://www.securitytracker.com/id?1019033 http://www.vupen.com/english/advisories/2007/4064 •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2007-1876
https://notcve.org/view.php?id=CVE-2007-1876
VMware Workstation before 5.5.4, when running a 64-bit Windows guest on a 64-bit host, allows local users to "corrupt the virtual machine's register context" by debugging a local program and stepping into a "syscall instruction." MVware Workstation anterior a 5.5.4, cuando ejecuta Windows 64-bits como invitado en un anfitrión de 64 bits, permite a usuarios locales "corromper el contexto de registro de la máquina virtual" mediante la depuración de un programa local y el paso a una "instrucción de llamada al sistema" (syscall instruction). • http://osvdb.org/35509 http://secunia.com/advisories/25079 http://www.securityfocus.com/archive/1/467936/30/6690/threaded http://www.securityfocus.com/archive/1/469011/30/6510/threaded http://www.securityfocus.com/bid/23732 http://www.securitytracker.com/id?1018011 http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html#554 http://www.vupen.com/english/advisories/2007/1592 https://exchange.xforce.ibmcloud.com/vulnerabilities/33993 •
CVSS: 9.3EPSS: 66%CPEs: 8EXPL: 0CVE-2007-0214
https://notcve.org/view.php?id=CVE-2007-0214
The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2 and Professional, 2003 SP1 allows remote attackers to execute arbitrary code via unspecified functions, related to uninitialized parameters. El control HTML Help ActiveX (Hhctrl.ocx) en Microsoft Windows 2000 SP3, XP SP2 y Professional, 2003 SP1 permite a atacantes remotos ejecutar código de su elección mediante funciones no especificadas, relacionado con parámetros no inicializados. • http://secunia.com/advisories/24136 http://www.kb.cert.org/vuls/id/563756 http://www.osvdb.org/31884 http://www.securityfocus.com/bid/22478 http://www.securitytracker.com/id?1017635 http://www.us-cert.gov/cas/techalerts/TA07-044A.html http://www.vupen.com/english/advisories/2007/0577 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-008 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A125 •
CVSS: 7.5EPSS: 48%CPEs: 8EXPL: 0CVE-2006-3445
https://notcve.org/view.php?id=CVE-2006-3445
Integer overflow in the ReadWideString function in agentdpv.dll in Microsoft Agent on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a large length value in an .ACF file, which results in a heap-based buffer overflow. Microsoft Agent en Microsoft Windows 2000 SP4, XP SP2, y Server 2003 hasta el SP1 permite a atacantes remotos ejecutar código de su elección mediante un fichero .ACF artesanal que dispara una corrupción de memoria. • http://secunia.com/advisories/22878 http://securitytracker.com/id?1017222 http://www.coseinc.com/alert.html http://www.kb.cert.org/vuls/id/810772 http://www.securityfocus.com/archive/1/458558/100/0/threaded http://www.securityfocus.com/bid/21034 http://www.us-cert.gov/cas/techalerts/TA06-318A.html http://www.vupen.com/english/advisories/2006/4506 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-068 https://exchange.xforce.ibmcloud.com/vuln • CWE-189: Numeric Errors •
CVSS: 4.3EPSS: 78%CPEs: 36EXPL: 1CVE-2006-0032 – Microsoft Indexing Service - Query Validation Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-0032
Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el Indexing Service dentro de Microsoft Windows 2000, XP, y Server 2003, cuando la opción Encoding está asiganado a Auto Select, permite a un atacante remoto inyectar secuencias de comandos web o HTML a través de una URL codificada UTF-7, el cual es inyectado dentro de un mensaje de error cuyo conjunto de caracteres está asignado a UTF-7. • https://www.exploit-db.com/exploits/28500 http://secunia.com/advisories/21861 http://securitytracker.com/id?1016826 http://www.geocities.jp/ptrs_sec/advisory09e.html http://www.kb.cert.org/vuls/id/108884 http://www.securityfocus.com/archive/1/446630/100/100/threaded http://www.securityfocus.com/archive/1/447509/100/0/threaded http://www.securityfocus.com/archive/1/447511/100/0/threaded http://www.securityfocus.com/bid/19927 http://www.us-cert.gov/cas/techalerts&#x • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •