20 results (0.006 seconds)

CVSS: 9.3EPSS: 79%CPEs: 86EXPL: 0

Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type (EOT) web font that triggers the overflow during decompression. Desbordamiento de búfer basado en memoria dinámica en T2EMBED.DLL en Microsoft Windows 2000 SP4, XP SP1 y SP2 y Server 2003 hasta la versión SP1, Windows 98 y Windows ME permite a atacantes remotos ejecutar código arbitrario a través de un mensajes de correo electrónico o una página web con una fuente web Embedded Open Type (EOT) manipulada que desencadena el desbordamiento durante la descompresión. • http://seclists.org/fulldisclosure/2006/Jan/363 http://secunia.com/advisories/18311 http://secunia.com/advisories/18365 http://secunia.com/advisories/18391 http://securitytracker.com/id?1015459 http://support.avaya.com/elmodocs2/security/ASA-2006-004.htm http://www.eeye.com/html/Research/Advisories/EEYEB20050801.html http://www.kb.cert.org/vuls/id/915930 http://www.osvdb.org/18829 http://www.securityfocus.com/archive/1/421885/100/0/threaded http://www.securityfocus.com& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

NTLM Security Support Provider (NTLMSSP) service does not properly check the function number in an LPC request, which could allow local users to gain administrator level access. • http://razor.bindview.com/publish/advisories/adv_NTLMSSP.html http://www.securityfocus.com/bid/2348 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-008 https://exchange.xforce.ibmcloud.com/vulnerabilities/6076 •

CVSS: 5.0EPSS: 2%CPEs: 1EXPL: 0

Memory leak in PPTP server in Windows NT 4.0 allows remote attackers to cause a denial of service via a malformed data packet, aka the "Malformed PPTP Packet Stream" vulnerability. • http://www.securityfocus.com/bid/2368 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-009 https://exchange.xforce.ibmcloud.com/vulnerabilities/6103 •

CVSS: 10.0EPSS: 0%CPEs: 11EXPL: 0

A system does not present an appropriate legal message or warning to a user who is accessing it. • http://ciac.llnl.gov/ciac/bulletins/j-043.shtml •

CVSS: 2.1EPSS: 0%CPEs: 7EXPL: 0

A Windows NT administrator account has the default name of Administrator. • https://www.cve.org/CVERecord?id=CVE-1999-0585 •