CVSS: 9.8EPSS: 37%CPEs: 4EXPL: 0CVE-2009-1924
https://notcve.org/view.php?id=CVE-2009-1924
12 Aug 2009 — Integer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 allows remote WINS replication partners to execute arbitrary code via crafted data structures in a packet, aka "WINS Integer Overflow Vulnerability." Desbordamiento de entero en el el componente Windows Internet Name Service (WINS) para Windows 2000 SP4, permite a los partners (compañeros) de replicación WINS remota la ejecución de código de su elección a través de estructuras de datos manipuladas en un paq... • http://www.us-cert.gov/cas/techalerts/TA09-223A.html • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 46%CPEs: 18EXPL: 0CVE-2009-1930
https://notcve.org/view.php?id=CVE-2009-1930
12 Aug 2009 — The Telnet service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote Telnet servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, aka "Telnet Credential Reflection Vulnerability," a related issue to CVE-2000-0834. El servicio Telnet en Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP2, Vista Gold, SP1, y SP2, y Server 2008 Gold y SP2 permite a los servidores Telnet r... • http://osvdb.org/56904 • CWE-255: Credentials Management Errors •
CVSS: 10.0EPSS: 57%CPEs: 16EXPL: 0CVE-2009-2494
https://notcve.org/view.php?id=CVE-2009-2494
12 Aug 2009 — The Active Template Library (ATL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via vectors related to erroneous free operations after reading a variant from a stream and deleting this variant, aka "ATL Object Type Mismatch Vulnerability." La librería Active Template (ATL) en Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP2, Vista Gold, SP1, y SP2, y Server 2008 Gold y SP2 perm... • http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 66%CPEs: 17EXPL: 0CVE-2009-1133 – Microsoft Remote Desktop Client Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2009-1133
11 Aug 2009 — Heap-based buffer overflow in Microsoft Remote Desktop Connection (formerly Terminal Services Client) running RDP 5.0 through 6.1 on Windows, and Remote Desktop Connection Client for Mac 2.0, allows remote attackers to execute arbitrary code via unspecified parameters, aka "Remote Desktop Connection Heap Overflow Vulnerability." Desbordamiento de búfer basado en memoria dinámica en la conexión remota de escritorio de Microsoft (anteriormente Terminal Services Client) cuando corre RDP desde v5.0 hasta v6.1 e... • http://secunia.com/advisories/36229 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 63%CPEs: 4EXPL: 0CVE-2009-1923 – Microsoft Windows WINS Service Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2009-1923
11 Aug 2009 — Heap-based buffer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted WINS replication packet that triggers an incorrect buffer-length calculation, aka "WINS Heap Overflow Vulnerability." Desbordamiento de búfer basado en memoria dinámica (heap) en el componente servicio de nombres de Internet (WINS) para Microsoft Windows 2000 SP4 y Server 2003 SP2 en Windows, permite a los atacante... • http://www.us-cert.gov/cas/techalerts/TA09-223A.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2009-2717
https://notcve.org/view.php?id=CVE-2009-2717
10 Aug 2009 — The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 before Update 15 on Windows 2000 Professional does not provide a Security Warning Icon, which makes it easier for context-dependent attackers to trick a user into interacting unsafely with an untrusted applet. La implementación de Abstract Window Toolkit (AWT) en Sun Java SE v6 anteriores a Update 15 para Windows 2000 Professional no proporciona un Security Warning Icon, facilitando a atacantes dependientes del contexto que engañen a un usuar... • http://java.sun.com/javase/6/webnotes/6u15.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 66%CPEs: 31EXPL: 0CVE-2009-1917
https://notcve.org/view.php?id=CVE-2009-1917
29 Jul 2009 — Microsoft Internet Explorer 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle attempts to access deleted objects in memory, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Memory Corruption Vulnerability." Microsoft Internet Explorer v6 SP1; Internet Explorer ... • http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=953693 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 61%CPEs: 31EXPL: 0CVE-2009-1919 – Microsoft Internet Explorer CSS Behavior Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2009-1919
29 Jul 2009 — Microsoft Internet Explorer 5.01 SP4 and 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle attempts to access deleted objects in memory, which allows remote attackers to execute arbitrary code via an HTML document containing embedded style sheets that modify unspecified rule properties that cause the behavior element to be "improper... • http://www.securityfocus.com/archive/1/505524/100/0/threaded • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 62%CPEs: 31EXPL: 0CVE-2009-1918 – Microsoft Internet Explorer getElementsByTagName Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2009-1918
29 Jul 2009 — Microsoft Internet Explorer 5.01 SP4 and 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle table operations, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption by adding malformed elements to an empty DIV element, related to the getElementsByTagName method, aka "HTML O... • http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=953693 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 28%CPEs: 16EXPL: 0CVE-2009-2493
https://notcve.org/view.php?id=CVE-2009-2493
29 Jul 2009 — The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to... • http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx • CWE-264: Permissions, Privileges, and Access Controls •