CVE-2009-0076 – Microsoft Internet Explorer Malformed CSS Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2009-0076
Microsoft Internet Explorer 7, when XHTML strict mode is used, allows remote attackers to execute arbitrary code via the zoom style directive in conjunction with unspecified other directives in a malformed Cascading Style Sheets (CSS) stylesheet in a crafted HTML document, aka "CSS Memory Corruption Vulnerability."
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists when processing, in XHTML strict mode, a CSS stylesheet containing a specific combination of style directives, one of which must be a 'zoom'. The fault in processing results in a memory corruption vulnerability which can be leveraged to execute arbitrary code under the context of the current user.
• https://www.exploit-db.com/exploits/8082 https://www.exploit-db.com/exploits/8079 https://www.exploit-db.com/exploits/8080 https://www.exploit-db.com/exploits/8152 http://www.us-cert.gov/cas/techalerts/TA09-041A.html http://www.vupen.com/english/advisories/2009/0389 http://www.zerodayinitiative.com/advisories/ZDI-09-012 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-002 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ov
• CWE-399: Resource Management Errors •
CVE-2009-0320
https://notcve.org/view.php?id=CVE-2009-0320
Microsoft Windows XP, Server 2003 and 2008, and Vista exposes I/O activity measurements of all processes, which allows local users to obtain sensitive information, as demonstrated by reading the I/O Other Bytes column in Task Manager (aka taskmgr.exe) to estimate the number of characters that a different user entered at a runas.exe password prompt, related to a "benchmarking attack."
• http://www.securityfocus.com/archive/1/500393/100/0/threaded http://www.securityfocus.com/bid/33440
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2009-0243
https://notcve.org/view.php?id=CVE-2009-0243
Microsoft Windows does not properly enforce the Autorun and NoDriveTypeAutoRun registry values, which allows physically proximate attackers to execute arbitrary code by (1) inserting CD-ROM media, (2) inserting DVD media, (3) connecting a USB device, and (4) connecting a Firewire device; (5) allows user-assisted remote attackers to execute arbitrary code by mapping a network drive; and allows user-assisted attackers to execute arbitrary code by clicking on (6) an icon under My Computer\Devices with Removable Storage and (7) an option in an AutoPlay dialog, related to the Autorun.inf file. NOTE: vectors 1 and 3 on Vista are already covered by CVE-2008-0951.
• http://isc.sans.org/diary.html?storyid=5695 http://www.securitytracker.com/id?1021629 http://www.us-cert.gov/cas/techalerts/TA09-020A.html
• CWE-16: Configuration •
CVE-2008-4834 – Microsoft SMB NT Trans Request Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2008-4834
Buffer overflow in SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans request, aka "SMB Buffer Overflow Remote Code Execution Vulnerability."
This vulnerability allows remote attackers to trigger a denial of service condition on vulnerable installations of Microsoft Windows; remote code execution is also theoretically possible. User interaction is not required to exploit this vulnerability. The specific flaw exists in the processing of SMB requests. By specifying malformed values during an NT Trans request, an attacker can cause the target system to kernel panic, thereby requiring a reboot of the system.
• http://www.securityfocus.com/archive/1/500012/100/0/threaded http://www.securityfocus.com/bid/33121 http://www.securitytracker.com/id?1021560 http://www.us-cert.gov/cas/techalerts/TA09-013A.html http://www.vupen.com/english/advisories/2009/0116 http://www.zerodayinitiative.com/advisories/ZDI-09-001 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-001 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5863
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2008-4835 – Microsoft SMB NT Trans2 Request Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2008-4835
SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans2 request, related to "insufficiently validating the buffer size," aka "SMB Validation Remote Code Execution Vulnerability."
This vulnerability allows remote attackers to trigger a denial of service condition on vulnerable installations of Microsoft Windows; remote code execution is also theoretically possible. User interaction is not required to exploit this vulnerability. The specific flaw exists in the processing of SMB requests. By specifying malformed values during an NT Trans2 request, an attacker can cause the target system to kernel panic, thereby requiring a reboot of the system.
• http://www.securityfocus.com/archive/1/500013/100/0/threaded http://www.securityfocus.com/bid/33122 http://www.securitytracker.com/id?1021560 http://www.us-cert.gov/cas/techalerts/TA09-013A.html http://www.vupen.com/english/advisories/2009/0116 http://www.zerodayinitiative.com/advisories/ZDI-09-002 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-001 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5248
• CWE-94: Improper Control of Generation of Code ('Code Injection') •