CVSS: 9.3EPSS: 96%CPEs: 99EXPL: 2CVE-2009-1169 – Mozilla Firefox XSL - Parsing Remote Memory Corruption (PoC)
https://notcve.org/view.php?id=CVE-2009-1169
The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox before 3.0.8 and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XML file with a crafted XSLT transform. La función txMozillaXSLTProcessor::TransformToDoc en Firefox anterior a versión 3.0.8 y SeaMonkey anterior a versión 1.1.16, de Mozilla, permite a los atacantes remotos causar una denegación de servicio (bloqueo) y posiblemente ejecute código arbitrario por medio de un archivo XML con una transformación XSLT diseñada. • https://www.exploit-db.com/exploits/8285 http://blogs.zdnet.com/security/?p=3013 http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00009.html http://secunia.com/advisories/34471 http://secunia.com/advisories/34486 http://secunia.com/advisories/34505 http://secunia.com/advisories/34510 http://secunia.com/advisories/34511 http://secunia.com/advisories/34521 http://secunia.com/advisories/34527 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 6%CPEs: 2EXPL: 0CVE-2009-1060
https://notcve.org/view.php?id=CVE-2009-1060
Unspecified vulnerability in Apple Safari on Mac OS X 10.5.6 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Charlie Miller during a PWN2OWN competition at CanSecWest 2009. Vulnerabilidad inespecífica en Apple Safari en Mac OS X v10.5.6 permite a atacantes remotos ejecutar código de forma arbitraria a través de vectores desconocidos que se inician cuando se hace click en un enlace, como demostró Charlie Miller durante la competición PWN2OWN en CanSecWest 2009. • http://cansecwest.com/index.html http://dvlabs.tippingpoint.com/blog/2009/02/25/pwn2own-2009 http://dvlabs.tippingpoint.com/blog/2009/03/18/pwn2own-2009-day-1---safari-internet-explorer-and-firefox-taken-down-by-four-zero-day-exploits http://news.cnet.com/8301-1009_3-10199652-83.html http://osvdb.org/52888 http://www.computerworld.com/action/article.do? •
CVSS: 10.0EPSS: 22%CPEs: 2EXPL: 0CVE-2009-1043
https://notcve.org/view.php?id=CVE-2009-1043
Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009. Una vulnerabilidad en Microsoft Internet Explorer 8 sobre Windows 7 permite a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos simplemente haciendo clic en un enlace, como se demostró Nils durante una competición PWN2OWN en CanSecWest 2009. • p=2934 http://cansecwest.com/index.html http://dvlabs.tippingpoint.com/blog/2009/02/25/pwn2own-2009 http://dvlabs.tippingpoint.com/blog/2009/03/18/pwn2own-2009-day-1---safari-internet-explorer-and-firefox-taken-down-by-four-zero-day-exploits http://dvlabs.tippingpoint.com/blog/2009/03/20/pwn2own-day-2 http://news.cnet.com/8301-1009_3-10199652-83.html http://osvdb.org/52892 http://www.h-online.com/security/Pwn2Own-2009-Safari-IE-8-and-Firefox-exploited--/n •
CVSS: 9.3EPSS: 6%CPEs: 2EXPL: 0CVE-2009-1042
https://notcve.org/view.php?id=CVE-2009-1042
Unspecified vulnerability in Apple Safari on Mac OS X 10.5.6 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009. Vulnerabilidad no especificada en Apple Safari en Mac OS X 10.5.6 permite a atacantes remotos ejecutar código de su elección a través de vécnoes desconocidos, provocados por hacer "clic" en un enlace, como se demostró por Nils durante la competición PWN2OWN en CanSecWest 2009. • p=2934 http://cansecwest.com/index.html http://dvlabs.tippingpoint.com/blog/2009/02/25/pwn2own-2009 http://dvlabs.tippingpoint.com/blog/2009/03/18/pwn2own-2009-day-1---safari-internet-explorer-and-firefox-taken-down-by-four-zero-day-exploits http://news.cnet.com/8301-1009_3-10199652-83.html http://osvdb.org/52888 http://twitter.com/tippingpoint1/status/1351485521 http://www.h-online.com/security/Pwn2Own-2009-Safari-IE-8-and-Firefox-exploited--/news/112889 http:&#x •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 2CVE-2009-0723 – LittleCms integer overflow
https://notcve.org/view.php?id=CVE-2009-0723
Multiple integer overflows in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. ... Múltiples desbordamientos de enteros en LittleCMS (también conocido como lcms o liblcms) anteriores a v1.18beta2, como el utilizado en Firefox v3.1beta, OpenJDK, y GIMP, permiten a atacantes dependientes de contexto ejecutar código arbitrario a través de un fichero de imagen manipulado, que provoca un desbordamiento de buffer basada en montículo. • http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html http://scary.beasts.org/security/CESA-2009-003.html http://scarybeastsecurity.blogspot.com/2009/03/littlecms-vulnerabilities.html http://secunia.com/advisories/34367 http://secunia.com/advisories/34382 http://secunia.com/advisories/34400 http://secunia.com/advisories/34408 http://secunia.com/advisories/34418 http://secunia.com/advisories/34442 http://secunia.com/advisories/34450 http://secunia.com/advisories/34454&# • CWE-190: Integer Overflow or Wraparound •