CVSS: 9.3EPSS: 83%CPEs: 5EXPL: 0CVE-2009-0235
https://notcve.org/view.php?id=CVE-2009-0235
15 Apr 2009 — Stack-based buffer overflow in the Word 97 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Word 97 file that triggers memory corruption, related to use of inconsistent integer data sizes for an unspecified length field, aka "WordPad Word 97 Text Converter Stack Overflow Vulnerability." Desbordamiento de búfer basado en pila en el conversor de texto Word 97 en WordPad en Microsoft Windows 2000... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=783 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 96%CPEs: 28EXPL: 1CVE-2009-0553 – Microsoft Internet Explorer - EMBED Memory Corruption (PoC) (MS09-014)
https://notcve.org/view.php?id=CVE-2009-0553
15 Apr 2009 — Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability." Microsoft Internet Explorer 6 SP1, 6 y 7 en Windows XP SP2 y SP3, 6 y 7 en Windows Server 2003 SP1 y SP2, 7 en Windows... • https://www.exploit-db.com/exploits/8479 • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 59%CPEs: 15EXPL: 0CVE-2009-0084
https://notcve.org/view.php?id=CVE-2009-0084
15 Apr 2009 — Use-after-free vulnerability in DirectShow in Microsoft DirectX 8.1 and 9.0 allows remote attackers to execute arbitrary code via an MJPEG file or video stream with a malformed Huffman table, which triggers an exception that frees heap memory that is later accessed, aka "MJPEG Decompression Vulnerability." DirectShow en Microsoft DirectX v8.1 y v9.0 no descomprime adecuadamente ficheros multimedia, lo cual permite a atacantes remotos ejecutar código de su elección a través de un (1) fichero MJPEG manipulado... • http://osvdb.org/53632 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 70%CPEs: 15EXPL: 0CVE-2009-0086
https://notcve.org/view.php?id=CVE-2009-0086
15 Apr 2009 — Integer underflow in Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote HTTP servers to execute arbitrary code via crafted parameter values in a response, related to error handling, aka "Windows HTTP Services Integer Underflow Vulnerability." Desbordamiento inferior de entero en Windows HTTP Services (también conocido como WinHTTP) en Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP1 y SP2, Vis... • http://osvdb.org/53620 • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 38%CPEs: 13EXPL: 0CVE-2009-0087
https://notcve.org/view.php?id=CVE-2009-0087
15 Apr 2009 — Unspecified vulnerability in the Word 6 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and the Word 6 text converter in Microsoft Office Word 2000 SP3 and 2002 SP3; allows remote attackers to execute arbitrary code via a crafted Word 6 file that contains malformed data, aka "WordPad and Office Text Converter Memory Corruption Vulnerability." Vulnerabilidad no especificada en el conversor de texto Word 6 en WordPad en Microsoft Windows 2000 SP4, XP SP2 y... • http://osvdb.org/53662 •
CVSS: 9.3EPSS: 38%CPEs: 12EXPL: 0CVE-2009-0088
https://notcve.org/view.php?id=CVE-2009-0088
15 Apr 2009 — The WordPerfect 6.x Converter (WPFT632.CNV, 1998.1.27.0) in Microsoft Office Word 2000 SP3 and Microsoft Office Converter Pack does not properly validate the length of an unspecified string, which allows remote attackers to execute arbitrary code via a crafted WordPerfect 6.x file, related to an unspecified counter and control structures on the stack, aka "Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability." El conversor WordPerfect 6.x en Microsoft Office Word 2000 SP3 y Microsoft Office Co... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=782 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 54%CPEs: 44EXPL: 0CVE-2009-0550
https://notcve.org/view.php?id=CVE-2009-0550
15 Apr 2009 — Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008; allows remote web servers to capture and replay NTLM credentials, and execute arbitrary code, via vectors related to absence of a "credential-reflection protections"... • http://blogs.technet.com/srd/archive/2009/04/14/ntlm-credential-reflection-updates-for-http-clients.aspx •
CVSS: 9.3EPSS: 86%CPEs: 28EXPL: 0CVE-2009-0551
https://notcve.org/view.php?id=CVE-2009-0551
15 Apr 2009 — Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 does not properly handle transition errors in a request for one HTTP document followed by a request for a second HTTP document, which allows remote attackers to execute arbitrary code via vectors involving (1) multiple crafted pages on a web site or (2) a web page with crafted inline content such as banner advertisements, aka "Page Tr... • http://osvdb.org/53624 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 82%CPEs: 12EXPL: 0CVE-2009-0552
https://notcve.org/view.php?id=CVE-2009-0552
15 Apr 2009 — Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 on Windows XP SP2 and SP3, and 6 on Windows Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability." Vulnerabilidad no especificada en Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 en Windows XP SP2 y SP3, y 6 en Windows Server 2003 SP1 y SP2 permite... • http://osvdb.org/53625 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 47%CPEs: 29EXPL: 0CVE-2009-0554
https://notcve.org/view.php?id=CVE-2009-0554
15 Apr 2009 — Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability." Microsoft Internet Explorer v5.01 SP4, v6 SP1, v6 y v7 en Windows XP SP2 y SP3, v6 y v7 en Windows Server 20... • http://secunia.com/advisories/34678 • CWE-399: Resource Management Errors •