CVSS: 5.9EPSS: 51%CPEs: 7EXPL: 0CVE-2009-0093
https://notcve.org/view.php?id=CVE-2009-0093
11 Mar 2009 — Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not restrict registration of the "wpad" hostname, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) feature, and conduct man-in-the-middle attacks by spoofing a proxy server, via a Dynamic Update request for this hostname, aka "DNS Server Vulnerability in WPAD Registration Vulnerability," a related issue to CVE-2007-1692. Servidor DNS en Micro... • http://blog.ncircle.com/blogs/vert/archives/2009/03/successful_exploit_renders_mic.html • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 53%CPEs: 7EXPL: 0CVE-2009-0094
https://notcve.org/view.php?id=CVE-2009-0094
11 Mar 2009 — The WINS server in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 does not restrict registration of the (1) "wpad" and (2) "isatap" NetBIOS names, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) and Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) features, and conduct man-in-the-middle attacks by spoofing a proxy server or ISATAP route, by registering one of these names in the WINS database, aka "WPAD WINS Server Registration Vulnerability," a related i... • http://blogs.technet.com/srd/archive/2009/03/13/ms09-008-dns-and-wins-server-security-update-in-more-detail.aspx •
CVSS: 5.8EPSS: 54%CPEs: 7EXPL: 0CVE-2009-0233
https://notcve.org/view.php?id=CVE-2009-0233
11 Mar 2009 — The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not reuse cached DNS responses in all applicable situations, which makes it easier for remote attackers to predict transaction IDs and poison caches by simultaneously sending crafted DNS queries and responses, aka "DNS Server Query Validation Vulnerability." El DNS Resolver Cache Service (también conocido como DNSCache) en Windows... • http://blogs.technet.com/srd/archive/2009/03/13/ms09-008-dns-and-wins-server-security-update-in-more-detail.aspx • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 63%CPEs: 7EXPL: 0CVE-2009-0234
https://notcve.org/view.php?id=CVE-2009-0234
11 Mar 2009 — The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 does not properly cache crafted DNS responses, which makes it easier for remote attackers to predict transaction IDs and poison caches by sending many crafted DNS queries that trigger "unnecessary lookups," aka "DNS Server Response Validation Vulnerability." El DNS Resolver Cache Service (también conocido como DNSCache) en Windows DNS Server en Microsoft Windows 2000 SP... • http://blogs.technet.com/srd/archive/2009/03/13/ms09-008-dns-and-wins-server-security-update-in-more-detail.aspx • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 65%CPEs: 15EXPL: 0CVE-2009-0081
https://notcve.org/view.php?id=CVE-2009-0081
10 Mar 2009 — The graphics device interface (GDI) implementation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate input received from user mode, which allows remote attackers to execute arbitrary code via a crafted (1) Windows Metafile (aka WMF) or (2) Enhanced Metafile (aka EMF) image file, aka "Windows Kernel Input Validation Vulnerability." La implementación de la interfaz gráfica de dispositivos (GDI) en Microsoft Wind... • http://osvdb.org/52522 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 0CVE-2009-0082
https://notcve.org/view.php?id=CVE-2009-0082
10 Mar 2009 — The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate handles, which allows local users to gain privileges via a crafted application that triggers unspecified "actions," aka "Windows Kernel Handle Validation Vulnerability." El kernel en Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP1 y SP2, Vista Gold y SP1, y Server 2008 no maneja adecuadamente la validación, lo que permite a usuarios locales ganar privile... • http://osvdb.org/52523 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 1%CPEs: 15EXPL: 0CVE-2009-0083
https://notcve.org/view.php?id=CVE-2009-0083
10 Mar 2009 — The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 does not properly handle invalid pointers, which allows local users to gain privileges via an application that triggers use of a crafted pointer, aka "Windows Kernel Invalid Pointer Vulnerability." El kernel en Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 no gestiona adecuadamente los punteros inválidos, lo que permite a usuarios locales ganar privilegios a través de una aplicación que inicia el uso de un punter... • http://osvdb.org/52524 • CWE-20: Improper Input Validation •
CVSS: 7.4EPSS: 21%CPEs: 15EXPL: 0CVE-2009-0085
https://notcve.org/view.php?id=CVE-2009-0085
10 Mar 2009 — The Secure Channel (aka SChannel) authentication component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, when certificate authentication is used, does not properly validate the client's key exchange data in Transport Layer Security (TLS) handshake messages, which allows remote attackers to spoof authentication by crafting a TLS packet based on knowledge of the certificate but not the private key, aka "SChannel Spoofing Vulnerability." El compone... • http://osvdb.org/52521 • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 14%CPEs: 2EXPL: 0CVE-2009-0282
https://notcve.org/view.php?id=CVE-2009-0282
27 Jan 2009 — Integer overflow in Ralink Technology USB wireless adapter (RT73) 3.08 for Windows, and other wireless card drivers including rt2400, rt2500, rt2570, and rt61, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Probe Request packet with a long SSID, possibly related to an integer signedness error. Desbordamiento de enteros en el adaptador inalámbrico USB (RT73) de Ralink Technology versión 3.08 para Windows, y otros controladores de tarjetas inalámbricas c... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=512995 • CWE-189: Numeric Errors •
CVSS: 7.2EPSS: 1%CPEs: 15EXPL: 0CVE-2009-0243
https://notcve.org/view.php?id=CVE-2009-0243
21 Jan 2009 — Microsoft Windows does not properly enforce the Autorun and NoDriveTypeAutoRun registry values, which allows physically proximate attackers to execute arbitrary code by (1) inserting CD-ROM media, (2) inserting DVD media, (3) connecting a USB device, and (4) connecting a Firewire device; (5) allows user-assisted remote attackers to execute arbitrary code by mapping a network drive; and allows user-assisted attackers to execute arbitrary code by clicking on (6) an icon under My Computer\Devices with Removabl... • http://isc.sans.org/diary.html?storyid=5695 • CWE-16: Configuration •