CVE-2009-1126
https://notcve.org/view.php?id=CVE-2009-1126
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate the user-mode input associated with the editing of an unspecified desktop parameter, which allows local users to gain privileges via a crafted application, aka "Windows Desktop Parameter Edit Vulnerability." El kernel en Microsoft Windows 2000 SP4, XP SP2 y SP3, y Server 2003 SP2, no valida adecuadamente la entrada "user-mode" asociada con la edición de un parámetro de escritorio no especificados lo que permite a usuarios locales obtener privilegios a través de una aplicación manipulada, también conocida como "Vulnerabilidad de edición de parámetro en el escritorio de Windows". • http://osvdb.org/54943 http://secunia.com/advisories/35372 http://www.securitytracker.com/id?1022359 http://www.us-cert.gov/cas/techalerts/TA09-160A.html http://www.vupen.com/english/advisories/2009/1544 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-025 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6016 • CWE-20: Improper Input Validation •
CVE-2009-1125
https://notcve.org/view.php?id=CVE-2009-1125
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application, aka "Windows Driver Class Registration Vulnerability." The kernel en Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP2, Vista Gold, SP1, y SP2, y Server 2008 SP2, no valida adecuadamente un argumento de una llamada de sistema inespecífica, lo que permite a usuarios locales ganar privilegios a través de una aplicación manipulada, también conocido como "Vulnerabilidad de Registro de Clase de Driver de Windows". • http://osvdb.org/54942 http://secunia.com/advisories/35372 http://www.securityfocus.com/bid/35240 http://www.securitytracker.com/id?1022359 http://www.us-cert.gov/cas/techalerts/TA09-160A.html http://www.vupen.com/english/advisories/2009/1544 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-025 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5912 • CWE-20: Improper Input Validation •
CVE-2009-1123 – Microsoft Windows Improper Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2009-1123
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Desktop Vulnerability." El kernel en Microsoft Windows 2000 SP4, XP SP2 y SP3, y Server 2003 SP2, Vista Gold, SP1, y SP2, y Server 2008 SP2 no valida adecuadamente los cambios en objetos del kernel no especificados, lo que permite a usuarios locales obtener privilegios a través de una aplicación manipulada, también conocida como "Vulnerabilidad de escritorio en el kernel de Windows". The kernel in Microsoft Windows does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application. • http://osvdb.org/54940 http://secunia.com/advisories/35372 http://www.securitytracker.com/id?1022359 http://www.us-cert.gov/cas/techalerts/TA09-160A.html http://www.vupen.com/english/advisories/2009/1544 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-025 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6206 • CWE-20: Improper Input Validation •
CVE-2009-0229
https://notcve.org/view.php?id=CVE-2009-0229
The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows local users to read arbitrary files via a crafted separator page, aka "Print Spooler Read File Vulnerability." Servicio de impresión de Windows en Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP2, Vista Gold, SP1 y SP2, y Server 2008 SP2 permite a usuarios locales leer archivos arbitrarios a través de un separador de página elaborado, alias "Vulnerabilidad de lectura de archivo en cola de impresión". • https://github.com/zveriu/CVE-2009-0229-PoC http://osvdb.org/54933 http://secunia.com/advisories/35365 http://support.avaya.com/elmodocs2/security/ASA-2009-217.htm http://www.securityfocus.com/bid/35208 http://www.securitytracker.com/id?1022352 http://www.us-cert.gov/cas/techalerts/TA09-160A.html http://www.vupen.com/english/advisories/2009/1541 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-022 https://oval.cisecurity.org/repository/search • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2009-1529 – Microsoft Internet Explorer setCapture Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2009-1529
Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by calling the setCapture method on a collection of crafted objects, aka "Uninitialized Memory Corruption Vulnerability." Microsoft Internet Explorer 7 para Windows XP SP2 y SP3; 7 para Server 2003 SP2; 7 para Vista Gold, SP1 y SP2; y 7 para Server 2008 SP2, no maneja apropiadamente los objetos en la memoria, lo que permite a los atacantes remotos ejecutar código arbitrario llamando al método setCapture en una colección de objetos creados, también se conoce como "Uninitialized Memory Corruption Vulnerability". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific vulnerability exists when calling the setCapture method on a range of objects. When setCapture is called on a collection of specially crafted objects memory becomes corrupted. • http://osvdb.org/54948 http://www.securityfocus.com/archive/1/504205/100/0/threaded http://www.securityfocus.com/bid/35223 http://www.securitytracker.com/id?1022350 http://www.us-cert.gov/cas/techalerts/TA09-160A.html http://www.vupen.com/english/advisories/2009/1538 http://www.zerodayinitiative.com/advisories/ZDI-09-036 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-019 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval • CWE-399: Resource Management Errors CWE-908: Use of Uninitialized Resource •