CVSS: 9.3EPSS: 64%CPEs: 10EXPL: 0CVE-2009-1538
https://notcve.org/view.php?id=CVE-2009-1538
15 Jul 2009 — The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 performs updates to pointers without properly validating unspecified data values, which allows remote attackers to execute arbitrary code via a crafted QuickTime media file, aka "DirectX Pointer Validation Vulnerability." EL QuickTime Movie Parser Filter en quartz.dll en DirectShow en Microsoft DirectX v7.0 a la v9.0c sobre Windows 2000 ... • http://osvdb.org/55844 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 71%CPEs: 11EXPL: 0CVE-2009-0231
https://notcve.org/view.php?id=CVE-2009-0231
15 Jul 2009 — The Embedded OpenType (EOT) Font Engine (T2EMBED.DLL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table in a data record that triggers an integer truncation and a heap-based buffer overflow, aka "Embedded OpenType Font Heap Overflow Vulnerability." El Motor de Fuente de Embedded OpenType (EOT) (T2EMBED. DLL) en Microsoft Windows versiones 2000 SP4, XP SP2 y SP3, Ser... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=811 • CWE-681: Incorrect Conversion between Numeric Types •
CVSS: 9.3EPSS: 66%CPEs: 16EXPL: 0CVE-2009-0232
https://notcve.org/view.php?id=CVE-2009-0232
15 Jul 2009 — Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table, aka "Embedded OpenType Font Integer Overflow Vulnerability." Embedded OpenType (EOT) Font Engine en Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP2, Vista Gold, SP1, y SP2, y Server 2008 Gold y SP2, permite a atacantes remotos ejecutar código de s... • http://www.securitytracker.com/id?1022543 • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 52%CPEs: 10EXPL: 0CVE-2009-1539 – Microsoft DirectShow Quicktime Atom Parsing Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2009-1539
14 Jul 2009 — The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 does not properly validate unspecified size fields in QuickTime media files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DirectX Size Validation Vulnerability." EL QuickTime Movie Parser Filter en quartz.dll en DirectShow en Microsoft DirectX v7.0 a la v9.0c sobre Windows 2000 SP4, Windows XP SP2 y SP... • http://osvdb.org/55845 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.1EPSS: 92%CPEs: 2EXPL: 3CVE-2009-1122 – Microsoft IIS 6.0 - WebDAV Remote Authentication Bypass
https://notcve.org/view.php?id=CVE-2009-1122
10 Jun 2009 — The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read or create files, via a crafted HTTP request, aka "IIS 5.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1535. La extension WebDAV en Microsoft Internet Information Services (IIS) v5.0 on Windows 2000 SP4 no decodifica adecuadamente las URLs, lo que permite a atacantes remot... • https://packetstorm.news/files/id/181127 • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 4%CPEs: 12EXPL: 0CVE-2009-1123 – Microsoft Windows Improper Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2009-1123
10 Jun 2009 — The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Desktop Vulnerability." El kernel en Microsoft Windows 2000 SP4, XP SP2 y SP3, y Server 2003 SP2, Vista Gold, SP1, y SP2, y Server 2008 SP2 no valida adecuadamente los cambios en objetos del kernel no especificados, lo que permite a u... • http://osvdb.org/54940 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2009-1124
https://notcve.org/view.php?id=CVE-2009-1124
10 Jun 2009 — The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate user-mode pointers in unspecified error conditions, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Pointer Validation Vulnerability." El Kernel en Microsoft Windows 2000 SP4, XP SP2 y XP SP3, Server 2003 SP2, Vista Gold, SP1, y SP2, y Server 2008 SP2 no validan de forma apropiada los punteros en modo usuario, bajo cond... • http://osvdb.org/54941 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2009-1125
https://notcve.org/view.php?id=CVE-2009-1125
10 Jun 2009 — The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application, aka "Windows Driver Class Registration Vulnerability." The kernel en Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP2, Vista Gold, SP1, y SP2, y Server 2008 SP2, no valida adecuadamente un argumento de una llamada de sistema inespecífica, lo... • http://osvdb.org/54942 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2009-1126
https://notcve.org/view.php?id=CVE-2009-1126
10 Jun 2009 — The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate the user-mode input associated with the editing of an unspecified desktop parameter, which allows local users to gain privileges via a crafted application, aka "Windows Desktop Parameter Edit Vulnerability." El kernel en Microsoft Windows 2000 SP4, XP SP2 y SP3, y Server 2003 SP2, no valida adecuadamente la entrada "user-mode" asociada con la edición de un parámetro de escritorio no especificados lo que ... • http://osvdb.org/54943 • CWE-20: Improper Input Validation •
CVSS: 7.1EPSS: 49%CPEs: 29EXPL: 1CVE-2009-1140 – Microsoft Internet Explorer 5.0.1 - Cached Content Cross Domain Information Disclosure
https://notcve.org/view.php?id=CVE-2009-1140
10 Jun 2009 — Microsoft Internet Explorer 5.01 SP4; 6 SP1; 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not prevent HTML rendering of cached content, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Cross-Domain Information Disclosure Vulnerability." Microsoft Internet Explorer 5.01 SP4; 6 SP1; 6 y 7 en Windows XP SP2 y SP3; 6 y 7 en Server 2003 SP2; 7 en Vista Gold, SP1 y SP2; y 7 en Server 2008... • https://www.exploit-db.com/exploits/33024 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •