CVSS: 9.3EPSS: 49%CPEs: 37EXPL: 0CVE-2009-3673 – Microsoft Internet Explorer CSS Race Condition Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2009-3673
Microsoft Internet Explorer 7 and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." Microsoft Internet Explorer v7 and v8 no maneja adecuadamente los objetos en memoria, lo que permite a atacantes remotos ejecutar código de su elección accediendo a un objeto que (1) no fue adecuadamente inicializado o (2) es borrado, desencadenando en una corrupción de memoria, conocido como "Uninitialized Memory Corruption Vulnerability." This vulnerability allows remote attackers to potentially execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists during a race condition while repetitively clicking between two elements at a fast rate. When clicking back and forth between these two elements a corruption occurs resulting in a call to a dangling pointer which can be further leveraged into code execution via a heap spray. • http://www.securitytracker.com/id?1023293 http://www.us-cert.gov/cas/techalerts/TA09-342A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-072 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6519 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 84%CPEs: 37EXPL: 0CVE-2009-3674 – Microsoft Internet Explorer IFrame Attributes Circular Reference Dangling Pointer Vulnerability
https://notcve.org/view.php?id=CVE-2009-3674
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671. Microsoft Internet Explorer 8 no maneja de manera apropiada objetos en memoria, lo que permite a atacantes remotos ejecutar código de su elección accediendo a un objeto que (1) no fue iniciado adecuadamente o (2) está borrado, provocando una corrupción de memoria. También conocido como "Vulnerabilidad Uninitialized Memory Corruption", una vulnerabilidad diferente a CVE-2009-3671. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. The specific flaw exists during deallocation of a circular dereference for a CAttrArray object. • http://www.securitytracker.com/id?1023293 http://www.us-cert.gov/cas/techalerts/TA09-342A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-072 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6570 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 84%CPEs: 32EXPL: 2CVE-2009-3672 – Microsoft Internet Explorer - Style getElementsByTagName Memory Corruption (MS09-072)
https://notcve.org/view.php?id=CVE-2009-3672
Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory that (1) were not properly initialized or (2) are deleted, which allows remote attackers to execute arbitrary code via vectors involving a call to the getElementsByTagName method for the STYLE tag name, selection of the single element in the returned list, and a change to the outerHTML property of this element, related to Cascading Style Sheets (CSS) and mshtml.dll, aka "HTML Object Memory Corruption Vulnerability." NOTE: some of these details are obtained from third party information. NOTE: this issue was originally assigned CVE-2009-4054, but Microsoft assigned a duplicate identifier of CVE-2009-3672. CVE consumers should use this identifier instead of CVE-2009-4054. Microsoft Internet Explorer versiones 6 y 7 no controlan apropiadamente los objetos en la memoria que (1) no se inicializaron apropiadamente o (2) se eliminan, lo que permite a los atacantes remotos ejecutar código arbitrario por medio de vectores que implican una llamada al método getElementsByTagName para el nombre de etiqueta STYLE , selección del elemento único en la lista devuelta y un cambio a la propiedad outerHTML de este elemento, relacionados con Hojas de Estilos en Cascada (CSS) y mshtml.dll, también se conoce como "HTML Object Memory Corruption Vulnerability" Nota: algunos de estos detalles se obtienen de información de terceros. • https://www.exploit-db.com/exploits/16547 http://secunia.com/advisories/37448 http://www.kb.cert.org/vuls/id/515749 http://www.microsoft.com/technet/security/advisory/977981.mspx http://www.securityfocus.com/archive/1/507984/100/0/threaded http://www.securityfocus.com/bid/37085 http://www.securitytracker.com/id?1023293 http://www.symantec.com/connect/blogs/zero-day-internet-explorer-exploit-published http://www.us-cert.gov/cas/techalerts/TA09-342A.html http://www.vupen& • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 97%CPEs: 17EXPL: 1CVE-2009-2514 – Microsoft Windows Server 2000 < 2008 - Embedded OpenType Font Engine Remote Code Execution (MS09-065)
https://notcve.org/view.php?id=CVE-2009-2514
win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not correctly parse font code during construction of a directory-entry table, which allows remote attackers to execute arbitrary code via a crafted Embedded OpenType (EOT) font, aka "Win32k EOT Parsing Vulnerability." win32k.sys en el kernel en Microsoft Windows v2000 SP4, XP SP2 y SP3, y Server v2003 SP2 no analiza correctamente el código de fuente durante la construcción de una tabla de entrada de directorio, lo que permite a atacantes remotos ejecutar código de su elección a través de fuentes Embedded OpenType (EOT) manipuladas, como "vulnerabilidad Win32k EOT Parsing". • https://www.exploit-db.com/exploits/10068 http://www.us-cert.gov/cas/techalerts/TA09-314A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-065 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6406 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.2EPSS: 0%CPEs: 17EXPL: 0CVE-2009-2513
https://notcve.org/view.php?id=CVE-2009-2513
The Graphics Device Interface (GDI) in win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Insufficient Data Validation Vulnerability." Graphics Device Interface (GDI) en win32k.sys en el kernel en Microsoft Windows 2000 SP4, XP SP2 y SP3, Server v2003 SP2, Vista Gold, SP1, y SP2, y Server v2008 Gold y SP2 no valida adecuadamente la entrada a user-mode, lo que permite a usuarios locales obtener privilegios a través de una aplicación manipulada, como "vulnerabilidad de validación de datos insuficiente Win32k" • http://www.us-cert.gov/cas/techalerts/TA09-314A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-065 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6277 • CWE-20: Improper Input Validation •