CVSS: 7.8EPSS: 21%CPEs: 4EXPL: 0CVE-2012-5362
https://notcve.org/view.php?id=CVE-2012-5362
20 Feb 2020 — The IPv6 implementation in Microsoft Windows 7 and earlier allows remote attackers to cause a denial of service via a flood of ICMPv6 Neighbor Solicitation messages, a different vulnerability than CVE-2010-4669. La implementación de IPv6 en Microsoft Windows 7 y anteriores, permite a atacantes remotos causar una denegación de servicio por medio de una avalancha de mensajes ICMPv6 Neighbor Solicitation, una vulnerabilidad diferente a CVE-2010-4669. • http://www.openwall.com/lists/oss-security/2012/10/10/12 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 21%CPEs: 4EXPL: 0CVE-2012-5364
https://notcve.org/view.php?id=CVE-2012-5364
20 Feb 2020 — The IPv6 implementation in Microsoft Windows 7 and earlier allows remote attackers to cause a denial of service via a flood of ICMPv6 Router Advertisement packets containing multiple Routing entries. La implementación de IPv6 en Microsoft Windows 7 y anteriores, permite a atacantes remotos causar una denegación de servicio por medio de una avalancha de paquetes ICMPv6 Router Advertisement, que contienen múltiples entradas de Enrutamiento. • http://www.openwall.com/lists/oss-security/2012/10/10/12 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2017-14010
https://notcve.org/view.php?id=CVE-2017-14010
26 Apr 2018 — In SpiderControl MicroBrowser Windows XP, Vista 7, 8 and 10, Versions 1.6.30.144 and prior, an uncontrolled search path element vulnerability has been identified which could be exploited by placing a specially crafted DLL file in the search path. If the malicious DLL is loaded prior to the valid DLL, an attacker could execute arbitrary code on the system. En SpiderControl MicroBrowser en Windows XP, Vista 7, 8 y 10, en sus versiones 1.6.30.144 y anteriores, se ha identificado una vulnerabilidad no controlad... • http://spidercontrol.net/download/downloadarea/?lang=en • CWE-427: Uncontrolled Search Path Element •
CVSS: 5.5EPSS: 12%CPEs: 5EXPL: 2CVE-2018-7250
https://notcve.org/view.php?id=CVE-2018-7250
26 Feb 2018 — An issue was discovered in secdrv.sys as shipped in Microsoft Windows Vista, Windows 7, Windows 8, and Windows 8.1 before KB3086255, and as shipped in Macrovision SafeDisc. An uninitialized kernel pool allocation in IOCTL 0xCA002813 allows a local unprivileged attacker to leak 16 bits of uninitialized kernel PagedPool data. Se ha descubierto un problema en secdrv.sys, tal y como se distribuye en Microsoft Windows Vista, Windows 7, Windows 8 y Windows 8.1 en versiones anteriores a la KB3086255 y tal y como s... • https://github.com/Elvin9/SecDrvPoolLeak • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.0EPSS: 2%CPEs: 5EXPL: 3CVE-2018-7249
https://notcve.org/view.php?id=CVE-2018-7249
26 Feb 2018 — An issue was discovered in secdrv.sys as shipped in Microsoft Windows Vista, Windows 7, Windows 8, and Windows 8.1 before KB3086255, and as shipped in Macrovision SafeDisc. Two carefully timed calls to IOCTL 0xCA002813 can cause a race condition that leads to a use-after-free. When exploited, an unprivileged attacker can run arbitrary code in the kernel. Se ha descubierto un problema en secdrv.sys, tal y como se distribuye en Microsoft Windows Vista, Windows 7, Windows 8 y Windows 8.1 en versiones anteriore... • https://github.com/Elvin9/NotSecDrv • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 9.3EPSS: 1%CPEs: 14EXPL: 0CVE-2017-0166
https://notcve.org/view.php?id=CVE-2017-0166
12 Apr 2017 — An elevation of privilege vulnerability exists in Windows when LDAP request buffer lengths are improperly calculated. In a remote attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to send malicious traffic to a Domain Controller, aka "LDAP Elevation of Privilege Vulnerability." Existe una vulnerabilidad de elevación de privilegios en Windows cuando se calculan incorrectamente las longitudes del búfer de solicitud LDAP. En un escenario de ataque remoto, ... • http://www.securityfocus.com/bid/97446 • CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 4.3EPSS: 21%CPEs: 13EXPL: 0CVE-2017-0192
https://notcve.org/view.php?id=CVE-2017-0192
12 Apr 2017 — The Adobe Type Manager Font Driver (ATMFD.dll) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold , 1511, 1607, and 1703 allows an attacker to gain sensitive information via a specially crafted document or an untrusted website, aka "ATMFD.dll Information Disclosure Vulnerability." Adobe Type Manager Font Driver (ATMFD.dll) en Microsoft Windows Vista SP2; Windows Server 2008 SP2 y R2 SP1; Windows... • http://www.securityfocus.com/bid/97452 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.7EPSS: 12%CPEs: 13EXPL: 2CVE-2017-0058 – Microsoft Windows Kernel - 'win32k.sys' Multiple 'NtGdiGetDIBitsInternal' System Call
https://notcve.org/view.php?id=CVE-2017-0058
12 Apr 2017 — A Win32k information disclosure vulnerability exists in Microsoft Windows when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system, aka "Win32k Information Disclosure Vulnerability." Existe una vulnerabilidad de divulgación de información de Win32k en Microsoft Windows cuando el componente win32k proporciona información del kernel incorrectamente. Un atacante que explotó con éxi... • https://packetstorm.news/files/id/142146 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 94%CPEs: 11EXPL: 35CVE-2017-0199 – Microsoft Office and WordPad Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-0199
12 Apr 2017 — Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API." Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1 y Windows 8.1 permiten a at... • https://packetstorm.news/files/id/142211 •
CVSS: 7.6EPSS: 19%CPEs: 13EXPL: 0CVE-2017-0158 – Microsoft Windows ADO Array-Type Parameter Use-After-Free Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2017-0158
11 Apr 2017 — An elevation of privilege vulnerability exists when Microsoft Windows running on Windows 10, Windows 10 1511, Windows 8.1 Windows RT 8.1, and Windows Server 2012 R2 fails to properly sanitize handles in memory, aka "Scripting Engine Memory Corruption Vulnerability." Existe una vulnerabilidad de elevación de privilegios cuando Microsoft Windows, que se ejecuta en Windows 10, Windows 10 1511, Windows 8.1 Windows RT 8.1 y Windows Server 2012 R2, no desinfecta adecuadamente los identificadores de memoria, vulne... • http://www.securityfocus.com/bid/97455 •