CVSS: 9.3EPSS: 84%CPEs: 14EXPL: 2CVE-2013-3918 – Microsoft Internet Explorer - CardSpaceClaimCollection ActiveX Integer Underflow (MS13-090)
https://notcve.org/view.php?id=CVE-2013-3918
12 Nov 2013 — The InformationCardSigninHelper Class ActiveX control in icardie.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted web page that is accessed by Internet Explorer, as exploited in the wild in November 2013, aka "InformationCard... • https://packetstorm.news/files/id/124183 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 89%CPEs: 12EXPL: 2CVE-2013-1347 – Microsoft Internet Explorer Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-1347
05 May 2013 — Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013. Microsoft Internet Explorer 8 no maneja adecuadamente los objetos en memoria, lo que permite a atacantes remotos ejecutar código de su elección cuando acceden al objeto que (1)no se ha asignado adecuadamente o (2) se ha eliminado, como han sido explotadas a lo largo... • https://www.exploit-db.com/exploits/25294 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-416: Use After Free •
CVSS: 10.0EPSS: 53%CPEs: 43EXPL: 0CVE-2013-0073
https://notcve.org/view.php?id=CVE-2013-0073
13 Feb 2013 — The Windows Forms (aka WinForms) component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict the privileges of a callback function during object creation, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "WinForms Callback Elevation Vulnerability." El componente Windows Forms (conocido como WinForms) de Microsoft .NET Framework v2.0 SP2, v3.5, v3.5.1, v4, y v4.5 no r... • http://www.us-cert.gov/cas/techalerts/TA13-043B.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 68%CPEs: 35EXPL: 0CVE-2013-0005
https://notcve.org/view.php?id=CVE-2013-0005
09 Jan 2013 — The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service (resource consumption and daemon restart) via crafted values in HTTP requests, aka "Replace Denial of Service Vulnerability." La función WCF Replace en la implementación del protocolo Open Data (alias OData) en Microsoft. NET Framework v3.5, v3.5 SP1, v3.5.1 y v... • http://www.us-cert.gov/cas/techalerts/TA13-008A.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 1CVE-2010-0233 – Microsoft Windows XP/Vista/2000/2003 - Double-Free Memory Corruption Privilege Escalation
https://notcve.org/view.php?id=CVE-2010-0233
10 Feb 2010 — Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application, aka "Windows Kernel Double Free Vulnerability." Vulnerabilidad de doble liberación en el núcleo de Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP2, Vista Gold, SP1, y SP2, y Server 2008 Gold y SP2, permite a usuarios locales obtener privilegios a través de una aplicación manipu... • https://www.exploit-db.com/exploits/33593 •
CVSS: 9.3EPSS: 62%CPEs: 7EXPL: 0CVE-2009-2527
https://notcve.org/view.php?id=CVE-2009-2527
14 Oct 2009 — Heap-based buffer overflow in Microsoft Windows Media Player 6.4 allows remote attackers to execute arbitrary code via (1) a crafted ASF file or (2) crafted streaming content, aka "WMP Heap Overflow Vulnerability." Desbordamiento de búfer basado en memoria dinámica (heap) en Microsoft Windows Media Player v6.4, permite a atacantes remotos ejecutar código de su elección a través de un archivo ASF manipulado o (2) a través de un contenido para difusión (streaming) manipulado, también conocida como "Vulnerabil... • http://www.us-cert.gov/cas/techalerts/TA09-286A.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.0EPSS: 49%CPEs: 15EXPL: 0CVE-2009-1544
https://notcve.org/view.php?id=CVE-2009-1544
12 Aug 2009 — Double free vulnerability in the Workstation service in Microsoft Windows allows remote authenticated users to gain privileges via a crafted RPC message to a Windows XP SP2 or SP3 or Server 2003 SP2 system, or cause a denial of service via a crafted RPC message to a Vista Gold, SP1, or SP2 or Server 2008 Gold or SP2 system, aka "Workstation Service Memory Corruption Vulnerability." Vulnerabilidad de doble liberación en el servicio de estación de trabajo en Microsoft Windows permite aumentar sus privilegios ... • http://www.us-cert.gov/cas/techalerts/TA09-223A.html • CWE-399: Resource Management Errors CWE-415: Double Free •
CVSS: 9.3EPSS: 57%CPEs: 15EXPL: 0CVE-2009-1545
https://notcve.org/view.php?id=CVE-2009-1545
12 Aug 2009 — Unspecified vulnerability in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a malformed header in a crafted AVI file, aka "Malformed AVI Header Vulnerability." Vulnerabilidad no especificada en la biblioteca Avifil32.dll en la funcionalidad de manejo de archivos de Windows Media en Microsoft Windows 2000 SP4, XP SP2 y SP3,... • http://secunia.com/advisories/36206 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.5EPSS: 63%CPEs: 15EXPL: 0CVE-2009-1546
https://notcve.org/view.php?id=CVE-2009-1546
12 Aug 2009 — Integer overflow in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows allows remote attackers to execute arbitrary code on a Windows 2000 SP4 system via a crafted AVI file, or cause a denial of service on a Windows XP SP2 or SP3, Server 2003 SP2, Vista Gold, SP1, or SP2, or Server 2008 Gold or SP2 system via a crafted AVI file, aka "AVI Integer Overflow Vulnerability." Un desbordamiento de enteros en la biblioteca Avifil32.dll en la funcionalidad de manejo de archivos de Win... • http://osvdb.org/56909 • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 67%CPEs: 15EXPL: 0CVE-2009-1929
https://notcve.org/view.php?id=CVE-2009-1929
12 Aug 2009 — Heap-based buffer overflow in the Microsoft Terminal Services Client ActiveX control running RDP 6.1 on Windows XP SP2, Vista SP1 or SP2, or Server 2008 Gold or SP2; or 5.2 or 6.1 on Windows XP SP3; allows remote attackers to execute arbitrary code via unspecified parameters to unknown methods, aka "Remote Desktop Connection ActiveX Control Heap Overflow Vulnerability." Desbordamiento de búfer basado en pila en el control Microsoft Terminal Services Client ActiveX cuando se corre RDP v6.1 en Windows XP SP2,... • http://osvdb.org/56912 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •