CVE-2009-1544
https://notcve.org/view.php?id=CVE-2009-1544
Double free vulnerability in the Workstation service in Microsoft Windows allows remote authenticated users to gain privileges via a crafted RPC message to a Windows XP SP2 or SP3 or Server 2003 SP2 system, or cause a denial of service via a crafted RPC message to a Vista Gold, SP1, or SP2 or Server 2008 Gold or SP2 system, aka "Workstation Service Memory Corruption Vulnerability."
References:
http://www.us-cert.gov/cas/techalerts/TA09-223A.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-041
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6286
Weakness: CWE-399: Resource Management Errors; CWE-415: Double Free
CVE-2009-1133 – Microsoft Remote Desktop Client Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2009-1133
Heap-based buffer overflow in Microsoft Remote Desktop Connection (formerly Terminal Services Client) running RDP 5.0 through 6.1 on Windows, and Remote Desktop Connection Client for Mac 2.0, allows remote attackers to execute arbitrary code via unspecified parameters, aka "Remote Desktop Connection Heap Overflow Vulnerability."
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft's Remote Desktop Client. Authentication is not required to exploit this vulnerability. The specific flaw exists within mstscax.dll when parsing packets from an RDP server. A design flaw in the client allows a malicious RDP server to write to arbitrary memory inside the connecting process's memory space. By hosting a malicious RDP server, an attacker can execute arbitrary code on any client that attempts to connect to it.
References:
http://secunia.com/advisories/36229
http://www.securitytracker.com/id?1022709
http://www.us-cert.gov/cas/techalerts/TA09-223A.html
http://www.vupen.com/english/advisories/2009/2238
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-044
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5693
Weakness: CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-1923 – Microsoft Windows WINS Service Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2009-1923
Heap-based buffer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted WINS replication packet that triggers an incorrect buffer-length calculation, aka "WINS Heap Overflow Vulnerability."
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WINS.exe process, which provides name resolution services for NetBIOS networks. While parsing a push request, the WINS service copies packet data into a fixed-size heap buffer inside an attacker-controlled loop.
References:
http://www.us-cert.gov/cas/techalerts/TA09-223A.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-039
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6410
Weakness: CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-2653 – Microsoft Windows XP - 'win32k.sys' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2009-2653
** DISPUTED ** The NtUserConsoleControl function in win32k.sys in Microsoft Windows XP SP2 and SP3, and Server 2003 before SP1, allows local administrators to bypass unspecified "security software" and gain privileges via a crafted call that triggers an overwrite of an arbitrary memory location. NOTE: the vendor disputes the significance of this report, stating that 'the Administrator to SYSTEM "escalation" is not a security boundary we defend.'
References:
https://www.exploit-db.com/exploits/9301
http://blogs.technet.com/srd/archive/2009/06/11/latest-baidu-public-posting-requires-adminisrator-to-elevate.aspx
http://hi.baidu.com/azy0922/blog/item/f950cbc2890729130ef47783.html
http://osvdb.org/56780
http://securitytracker.com/id?1022630
http://www.exploit-db.com/exploits/9301
http://www.ntinternals.org/index.html#09_07_30
Weakness: CWE-264: Permissions, Privileges, and Access Controls
CVE-2009-1917
https://notcve.org/view.php?id=CVE-2009-1917
Microsoft Internet Explorer 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle attempts to access deleted objects in memory, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Memory Corruption Vulnerability."
References:
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=953693
http://www.securityfocus.com/bid/35831
http://www.securitytracker.com/id?1022611
http://www.us-cert.gov/cas/techalerts/TA09-195A.html
http://www.vupen.com/english/advisories/2009/2033
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-034
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6072
Weakness: CWE-399: Resource Management Errors