
CVSS: 5.8 | EPSS: 23% | CPEs: 21 | EXPL: 0

The Web Proxy Auto-Discovery (WPAD) feature in Microsoft Internet Explorer 6 and 7, when a primary DNS suffix with three or more components is configured, resolves an unqualified wpad hostname in a second-level domain outside this configured DNS domain, which allows remote WPAD servers to conduct man-in-the-middle (MITM) attacks.

• http://secunia.com/advisories/27901
• http://support.microsoft.com/kb/945713
• http://www.microsoft.com/technet/security/advisory/945713.mspx
• http://www.securityfocus.com/bid/26686
• http://www.securitytracker.com/id?1019033
• http://www.vupen.com/english/advisories/2007/4064

CVSS: 9.3 | EPSS: 60% | CPEs: 37 | EXPL: 0

Unspecified vulnerability in Microsoft Windows 2000, XP, and Server 2003 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source.

• http://osvdb.org/35637
• http://research.eeye.com/html/advisories/upcoming/20070327.html
• http://www.securityfocus.com/bid/23332
• https://exchange.xforce.ibmcloud.com/vulnerabilities/34444

CVSS: 9.3 | EPSS: 73% | CPEs: 8 | EXPL: 0

The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2 and Professional, 2003 SP1 allows remote attackers to execute arbitrary code via unspecified functions, related to uninitialized parameters.

• http://secunia.com/advisories/24136
• http://www.kb.cert.org/vuls/id/563756
• http://www.osvdb.org/31884
• http://www.securityfocus.com/bid/22478
• http://www.securitytracker.com/id?1017635
• http://www.us-cert.gov/cas/techalerts/TA07-044A.html
• http://www.vupen.com/english/advisories/2007/0577
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-008
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A125

CVSS: 7.2 | EPSS: 0% | CPEs: 3 | EXPL: 0

The Client-Server Run-time Subsystem in Microsoft Windows XP SP2 and Server 2003 allows local users to gain privileges via a crafted file manifest within an application, aka "File Manifest Corruption Vulnerability."

• http://secunia.com/advisories/23308
• http://secunia.com/advisories/23348
• http://securitytracker.com/id?1017370
• http://www.securityfocus.com/archive/1/454969/100/200/threaded
• http://www.us-cert.gov/cas/techalerts/TA06-346A.html
• http://www.vupen.com/english/advisories/2006/4968
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-075
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A560

CWE-264: Permissions, Privileges, and Access Controls

CVSS: 7.5 | EPSS: 56% | CPEs: 8 | EXPL: 0

Integer overflow in the ReadWideString function in agentdpv.dll in Microsoft Agent on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a large length value in an .ACF file, which results in a heap-based buffer overflow.

• http://secunia.com/advisories/22878
• http://securitytracker.com/id?1017222
• http://www.coseinc.com/alert.html
• http://www.kb.cert.org/vuls/id/810772
• http://www.securityfocus.com/archive/1/458558/100/0/threaded
• http://www.securityfocus.com/bid/21034
• http://www.us-cert.gov/cas/techalerts/TA06-318A.html
• http://www.vupen.com/english/advisories/2006/4506
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-068
• https://exchange.xforce.ibmcloud.com/vuln

CWE-189: Numeric Errors