CVSS: 9.3EPSS: 8%CPEs: 39EXPL: 0CVE-2012-1895
https://notcve.org/view.php?id=CVE-2012-1895
14 Nov 2012 — The reflection implementation in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Reflection Bypass Vulnerability." La implementación de "reflaction" en Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, v3.5.1, y v4 no refuerza los permisos de objetos de forma adecuada, lo que permite a ... • http://secunia.com/advisories/51236 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.9EPSS: 0%CPEs: 43EXPL: 0CVE-2012-2519
https://notcve.org/view.php?id=CVE-2012-2519
14 Nov 2012 — Untrusted search path vulnerability in Entity Framework in ADO.NET in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .NET application, aka ".NET Framework Insecure Library Loading Vulnerability." Una vulnerabilidad de ruta de búsqueda no confiable en Entity Framework en ADO.NET en Microsoft .NET Framework v1.0 Service Pack v3. v1.1 SP1, v2.0 SP2... • http://secunia.com/advisories/51236 •
CVSS: 9.3EPSS: 88%CPEs: 13EXPL: 2CVE-2012-0003 – Microsoft Windows - midiOutPlayNextPolyEvent Heap Overflow (MS12-004)
https://notcve.org/view.php?id=CVE-2012-0003
10 Jan 2012 — Unspecified vulnerability in winmm.dll in Windows Multimedia Library in Windows Media Player (WMP) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via a crafted MIDI file, aka "MIDI Remote Code Execution Vulnerability." Una vulnerabilidad no especificada en winmm.dll en la Biblioteca Multimedia de Windows de Windows Media Player (WMP) bajo Microsoft Windows XP SP2 y SP3, Server 2003 SP2, Windows Vista SP2 y Server 2008 SP... • https://www.exploit-db.com/exploits/18426 •
CVSS: 9.3EPSS: 58%CPEs: 13EXPL: 0CVE-2012-0004
https://notcve.org/view.php?id=CVE-2012-0004
10 Jan 2012 — Unspecified vulnerability in DirectShow in DirectX in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, related to Quartz.dll, Qdvd.dll, closed captioning, and the Line21 DirectShow filter, aka "DirectShow Remote Code Execution Vulnerability." Vulnerabilidad no especificada en DirectShow en DirectX de Microsoft Windows XP SP2 y SP3, Windo... • http://secunia.com/advisories/47485 •
CVSS: 9.3EPSS: 51%CPEs: 7EXPL: 0CVE-2011-3401
https://notcve.org/view.php?id=CVE-2011-3401
14 Dec 2011 — ENCDEC.DLL in Windows Media Player and Media Center in Microsoft Windows XP SP2 and SP3, Windows Vista SP2, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted .dvr-ms file, aka "Windows Media Player DVR-MS Memory Corruption Vulnerability." ENCDEC.DLL en Windows Media Player y Media Center de Microsoft Windows XP SP2 y SP3, Windows Vista SP2 y Windows 7 Gold y SP1 permite a atacantes remotos ejecutar código de su elección a través de un archivo ".dvr-ms" debidamente mo... • http://www.us-cert.gov/cas/techalerts/TA11-347A.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 15%CPEs: 41EXPL: 0CVE-2011-1253
https://notcve.org/view.php?id=CVE-2011-1253
12 Oct 2011 — Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.0.60831, does not properly restrict inheritance, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Class Inheritance Vulnerability." Microsoft .NET Framework v1.0 SP3, v1.1 SP1, v2.0 SP2, v3.5.1, y v4, y Silverlight v4 ... • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-078 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 57%CPEs: 11EXPL: 0CVE-2011-0042
https://notcve.org/view.php?id=CVE-2011-0042
09 Mar 2011 — SBE.dll in the Stream Buffer Engine in Windows Media Player and Windows Media Center in Microsoft Windows XP SP2 and SP3, Windows XP Media Center Edition 2005 SP3, Windows Vista SP1 and SP2, Windows 7 Gold and SP1, and Windows Media Center TV Pack for Windows Vista does not properly parse Digital Video Recording (.dvr-ms) files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DVR-MS Vulnerability." SBE.dll de Stream Buffer Engine de Windows Media Player y Windows Media Cente... • http://osvdb.org/71016 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 66%CPEs: 61EXPL: 0CVE-2009-3126
https://notcve.org/view.php?id=CVE-2009-3126
14 Oct 2009 — Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, ... • http://www.us-cert.gov/cas/techalerts/TA09-286A.html • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 70%CPEs: 61EXPL: 0CVE-2009-2500
https://notcve.org/view.php?id=CVE-2009-2500
14 Oct 2009 — Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, ... • http://www.us-cert.gov/cas/techalerts/TA09-286A.html • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 61%CPEs: 61EXPL: 0CVE-2009-2501
https://notcve.org/view.php?id=CVE-2009-2501
14 Oct 2009 — Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold... • http://www.us-cert.gov/cas/techalerts/TA09-286A.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •