CVE-2009-2503 – Microsoft Windows GDI+ TIFF Parsing Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2009-2503
GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 does not properly allocate an unspecified buffer, which allows remote attackers to execute arbitrary code via a crafted TIFF image file that triggers memory corruption, aka "GDI+ TIFF Memory Corruption Vulnerability." GDI+ en Microsoft Internet Explorer v6 SP1, Windows XP SP2 y SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 y SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold y SP3, Office Excel Viewer 2003 Gold y SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, y SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 y SP2, Expression Web, Expression Web v2, Groove 2007 Gold y SP1, Works v8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 y SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold y SP1, y Forefront Client Security v1.0 no localiza adecuadamente un búfer sin especificar, lo que permite a atacantes remotos ejecutar código arbitrario a través de un fichero de imagen TIFF que inicia una corrupción de memoria, también conocido como "Vulnerabilidad de corrupción de memoria GDI+ TIFF" This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required in that a user must open a malicious image file or browse to a malicious website. The specific flaws exist in the GDI+ subsystem when parsing maliciously crafted TIFF files. By supplying a malformed graphic control extension an attacker can trigger an exploitable memory corruption condition. Successful exploitation can result in arbitrary code execution under the credentials of the currently logged in user. • http://www.us-cert.gov/cas/techalerts/TA09-286A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6491 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2009-2681
https://notcve.org/view.php?id=CVE-2009-2681
Unspecified vulnerability in HP ProCurve Identity Driven Manager (IDM) A.02.x through A.02.03 and A.03.x through A.03.00, on Windows Server 2003 with IAS and Windows Server 2008 with NPS, allows local users to gain privileges via unknown vectors. Vulnerabilidad no especificada en HP ProCurve Identity Driven Manager (IDM) vA.02.x hasta vA.02.03 y vA.03.x thasta vA.03.00, en Windows Server 2003 con IAS y Windows Server 2008 con NPS, permite a usuarios locales obtener privilegios a través de vectores desconocidos. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01798159 http://secunia.com/advisories/36792 http://securitytracker.com/id?1022915 http://www.securityfocus.com/bid/36462 http://www.vupen.com/english/advisories/2009/2707 •
CVE-2009-1925
https://notcve.org/view.php?id=CVE-2009-1925
The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 does not properly manage state information, which allows remote attackers to execute arbitrary code by sending packets to a listening service, and thereby triggering misinterpretation of an unspecified field as a function pointer, aka "TCP/IP Timestamps Code Execution Vulnerability." La implementación de TCP/IP en Microsoft Windows Vista Gold, SP1, y SP2 y en Server 2008 Gold y SP2 no maneja adecuadamente la información de estado, permitiendo a atacantes remotos ejecutar código de su elección al enviar paquetes a un servicio en escucha, y así provocar una malinterpretación de un campo no especificado como un puntero a función, también conocido como "TCP/IP Timestamps Code Execution Vulnerability". • http://www.us-cert.gov/cas/techalerts/TA09-251A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-048 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6374 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2009-2498
https://notcve.org/view.php?id=CVE-2009-2498
Microsoft Windows Media Format Runtime 9.0, 9.5, and 11 and Windows Media Services 9.1 and 2008 do not properly parse malformed headers in Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted (1) .asf, (2) .wmv, or (3) .wma file, aka "Windows Media Header Parsing Invalid Free Vulnerability." Microsoft Windows Media Format Runtime v9.0, v9.5, y v11 y Windows Media Services v9.1 y 2008 no no analiza apropiadamente cabeceras malformadas en archivos Advanced Systems Format (ASF), lo que permite a los atacantes remotos ejecutar arbitrariamente código a través de archivo manipulado (1) .asf, (2) .wmv, o (3) .wma, también conocido como "Vulnerabilidad libre invalidada de analizador de cabeceras en Windows Media" • http://www.us-cert.gov/cas/techalerts/TA09-251A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-047 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6257 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2009-2499
https://notcve.org/view.php?id=CVE-2009-2499
Microsoft Windows Media Format Runtime 9.0, 9.5, and 11; and Microsoft Media Foundation on Windows Vista Gold, SP1, and SP2 and Server 2008; allows remote attackers to execute arbitrary code via an MP3 file with crafted metadata that triggers memory corruption, aka "Windows Media Playback Memory Corruption Vulnerability." Microsoft Windows Media Format Runtime v9.0, v9.5, y v11; y Microsoft Media Foundation en Windows Vista Gold, SP1, y SP2 y Server 2008; permite a atacantes remotos ejecutar código a su elección en un fichero MP3 con metadatos manipulados que desembocan en un error de memoria, también llamado "Vulnerabilidad de error de memoria Windows Media Playback." • http://www.us-cert.gov/cas/techalerts/TA09-251A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-047 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5531 • CWE-94: Improper Control of Generation of Code ('Code Injection') •