CVSS: 9.3EPSS: 55%CPEs: 41EXPL: 0CVE-2009-2531 – Microsoft Internet Explorer writing-mode Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2009-2531
13 Oct 2009 — Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-2530. Microsoft Internet Explorer v6, v6 SP1, v7, y v8, no maneja adecuadamente objetos en memoria lo que permite a atacantes remotos ejecutar codigo arbitrario m... • http://www.us-cert.gov/cas/techalerts/TA09-286A.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 60%CPEs: 23EXPL: 0CVE-2009-0555 – Microsoft Windows Media Player Audio Voice Sample Rate Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2009-0555
13 Oct 2009 — Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager (ACM), does not properly process Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted audio file that uses the Windows Media Speech codec, aka "Windows Media Runtime Voice Sample Rate Vulnerability." Microsoft Windows Media Runtime, como se utiliza en DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, y Audi... • http://www.us-cert.gov/cas/techalerts/TA09-286A.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 60%CPEs: 14EXPL: 0CVE-2009-1925
https://notcve.org/view.php?id=CVE-2009-1925
08 Sep 2009 — The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 does not properly manage state information, which allows remote attackers to execute arbitrary code by sending packets to a listening service, and thereby triggering misinterpretation of an unspecified field as a function pointer, aka "TCP/IP Timestamps Code Execution Vulnerability." La implementación de TCP/IP en Microsoft Windows Vista Gold, SP1, y SP2 y en Server 2008 Gold y SP2 no maneja adecuadamente la... • http://www.us-cert.gov/cas/techalerts/TA09-251A.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 70%CPEs: 17EXPL: 0CVE-2009-1926
https://notcve.org/view.php?id=CVE-2009-1926
08 Sep 2009 — Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to cause a denial of service (TCP outage) via a series of TCP sessions that have pending data and a (1) small or (2) zero receive window size, and remain in the FIN-WAIT-1 or FIN-WAIT-2 state indefinitely, aka "TCP/IP Orphaned Connections Vulnerability." Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP2, Vista Gold, SP1 y SP2, y Server 2008 Gold y SP2 permiten a ... • http://osvdb.org/57797 •
CVSS: 9.3EPSS: 57%CPEs: 45EXPL: 0CVE-2009-2498
https://notcve.org/view.php?id=CVE-2009-2498
08 Sep 2009 — Microsoft Windows Media Format Runtime 9.0, 9.5, and 11 and Windows Media Services 9.1 and 2008 do not properly parse malformed headers in Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted (1) .asf, (2) .wmv, or (3) .wma file, aka "Windows Media Header Parsing Invalid Free Vulnerability." Microsoft Windows Media Format Runtime v9.0, v9.5, y v11 y Windows Media Services v9.1 y 2008 no no analiza apropiadamente cabeceras malformadas en archivos Advanced... • http://www.us-cert.gov/cas/techalerts/TA09-251A.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.5EPSS: 52%CPEs: 45EXPL: 0CVE-2009-2499
https://notcve.org/view.php?id=CVE-2009-2499
08 Sep 2009 — Microsoft Windows Media Format Runtime 9.0, 9.5, and 11; and Microsoft Media Foundation on Windows Vista Gold, SP1, and SP2 and Server 2008; allows remote attackers to execute arbitrary code via an MP3 file with crafted metadata that triggers memory corruption, aka "Windows Media Playback Memory Corruption Vulnerability." Microsoft Windows Media Format Runtime v9.0, v9.5, y v11; y Microsoft Media Foundation en Windows Vista Gold, SP1, y SP2 y Server 2008; permite a atacantes remotos ejecutar código a su ele... • http://www.us-cert.gov/cas/techalerts/TA09-251A.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 39%CPEs: 5EXPL: 0CVE-2009-2519
https://notcve.org/view.php?id=CVE-2009-2519
08 Sep 2009 — The DHTML Editing Component ActiveX control in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly format HTML markup, which allows remote attackers to execute arbitrary code via a crafted web site that triggers "system state" corruption, aka "DHTML Editing Component ActiveX Control Vulnerability." El control ActiveX "DHTML Editing Component" en Microsoft Windows 2000 SP4, XP SP2 y SP3, y Server 2003 SP2 no da formato adecuado a las marcas HTML, permitiendo a atacantes remotos ... • http://secunia.com/advisories/36592 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 39%CPEs: 17EXPL: 0CVE-2009-1920 – Microsoft Internet Explorer JScript arguments Invocation Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2009-1920
08 Sep 2009 — The JScript scripting engine 5.1, 5.6, 5.7, and 5.8 in JScript.dll in Microsoft Windows, as used in Internet Explorer, does not properly load decoded scripts into memory before execution, which allows remote attackers to execute arbitrary code via a crafted web site that triggers memory corruption, aka "JScript Remote Code Execution Vulnerability." El motor de secuencias de comandos JScript v5.1, v5.6, v5.7, y v5.8 en JScript.dll en Microsoft Windows, utilizado en Internet Explorer, no carga apropiadamente ... • http://www.us-cert.gov/cas/techalerts/TA09-251A.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 78%CPEs: 19EXPL: 6CVE-2009-3023 – Microsoft IIS 5.0 FTP Server (Windows 2000 SP4) - Remote Stack Overflow
https://notcve.org/view.php?id=CVE-2009-3023
31 Aug 2009 — Buffer overflow in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 6.0 allows remote authenticated users to execute arbitrary code via a crafted NLST (NAME LIST) command that uses wildcards, leading to memory corruption, aka "IIS FTP Service RCE and DoS Vulnerability." Un desbordamiento de búfer en el Servicio FTP en Internet Information Services (IIS) de Microsoft versiones 5.0 hasta 6.0, permite a los usuarios autenticados remotos ejecutar código arbitrario por medio de un com... • https://www.exploit-db.com/exploits/9559 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 1%CPEs: 6EXPL: 0CVE-2009-1922
https://notcve.org/view.php?id=CVE-2009-1922
12 Aug 2009 — The Message Queuing (aka MSMQ) service for Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP2, and Vista Gold does not properly validate unspecified IOCTL request data from user mode before passing this data to kernel mode, which allows local users to gain privileges via a crafted request, aka "MSMQ Null Pointer Vulnerability." El servicio de cola de mensajes de Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP2, y Vista Gold no valida de forma adecuada los datos de una petición inespecífica IOCTL en el m... • http://en.securitylab.ru/lab/PT-2008-09 • CWE-264: Permissions, Privileges, and Access Controls •