15 matches found
CVE-2007-5348
The CVE-2007-5348 entry concerns an image processing vulnerability in Microsoft GDI+ that could enable remote code execution. The connected KB954593 article (MS08-052) describes multiple vulnerabilities in GDI+ across Windows and Office components that could be exploited by viewing a specially craf...
CVE-2008-3014
CVE-2008-3014 is the GDI+ WMF Buffer Overrun vulnerability. A buffer overflow in gdiplus.dll (GDI+) allows remote code execution when processing a malformed WMF image, affecting multiple Windows and Office components listed in the description (e.g., Internet Explorer 6 SP1 on various Windows vers...
CVE-2008-3012
CVE-2008-3012 corresponds to a memory allocation flaw in GDI+ (gdiplus.dll) that could allow remote code execution when a specially crafted EMF image is viewed. Connected docs confirm this as MS08-052, addressing vulnerabilities in GDI+ across Windows and Office components (IE6, Windows XP, Ser...
CVE-2008-1436
The CVE-2008-1436 entry describes a privilege-escalation token kidnapping issue in Windows where improper handling of SeImpersonatePrivilege could allow a context-dependent attacker to gain LocalSystem privileges by coordinating between two service processes. Public details in connected MS bullet...
CVE-2008-3008
CVE-2008-3008 affects Windows Media Encoder 9 Series. A stack-based buffer overflow in the WMEncProfileManager ActiveX control (wmex.dll) can be triggered by passing a very long first argument to GetDetailsString, enabling remote code execution. The vulnerability is associated with Microsoft MS08...
CVE-2008-1087
CVE-2008-1087: A stack-based buffer overflow in Windows GDI processing of EMF image filenames allows remote code execution. Affected: Windows 2000 SP4, XP SP2, Server 2003 SP1/SP2, Vista, Server 2008. Root cause: buffer overflow in EMF filename handling. Exploit-vector: crafted EMF file name para...
CVE-2008-1435
CVE-2008-1435 (Windows Saved Search Vulnerability) affects Windows Vista (up to SP1) and Windows Server 2008. A remote code execution flaw arises when saving crafted saved-search (.search-ms) files, due to insecure parsing/handling by Windows Explorer. Exploitation requires a user to open and sav...
CVE-2008-1457
CVE-2008-1457 describes a remote code execution vulnerability in the Microsoft Windows Event System. The flaw occurs when creating per-user subscriptions, allowing an attacker with valid logon credentials to craft a subscription request that could run arbitrary code with system privileges. Affect...
CVE-2006-0005
The CVE-2006-0005 vulnerability is a buffer overflow in the Windows Media Player plug-in (npdsplay.dll) used by non‑Microsoft browsers. When a user views HTML containing an EMBED tag with a long src attribute, it may allow remote code execution in the user’s context. Affected software includes Wi...
CVE-2008-1456
CVE-2008-1456 describes a remote code execution vulnerability in the Windows Event System caused by improper validation when indexing an array of function pointers. Affected products include Windows 2000 SP4, XP (SP2/SP3), Server 2003 (SP1/SP2), Vista (initial and SP1), and Server 2008. The issue...
CVE-2008-1086
The CVE-2008-1086 issue concerns the hxvz.dll ActiveX control (HxTocCtrl) used by Microsoft Help 2.5 and exposed in Internet Explorer on Windows XP SP2, Server 2003 SP1/SP2, Vista SP1, and Server 2008. The vulnerability is a memory corruption flaw triggered by malformed arguments to the ActiveX c...
CVE-2008-1445
CVE-2008-1445 corresponds to a denial-of-service vulnerability in Active Directory affecting Windows 2000 Server SP4, Windows XP Professional SP2/SP3, Windows Server 2003 SP1/SP2, and Windows Server 2008. The issue arises from insufficient validation of specially crafted LDAP requests, allowing r...
CVE-2008-1453
The CVE-2008-1453 issue affects the Windows Bluetooth stack in Windows XP SP2/SP3 and Windows Vista SP1. It arises from how the Bluetooth stack handles a large number of Service Description Protocol (SDP) requests, allowing physically proximate attackers to execute arbitrary code and potentially ...
CVE-2008-2246
The CVE-2008-2246 issue is an information-disclosure vulnerability in IPsec policy processing when importing a Windows Server 2003 IPsec policy into Windows Server 2008 domains. Affected products include Windows Vista (SP1) and Windows Server 2008 (and variants listed by OpenVAS/Nessus entries). ...
CVE-2008-0927
The CVE-2008-0927 issue is in dhost.exe of Novell eDirectory. Affected products are eDirectory versions before SP10 of 8.7.3 and before 8.8.2, where the dhost.exe process can be forced to consume 100% CPU (DoS) by certain HTTP requests that abuse Connection headers (either multiple Connection hea...