CVSS: 10.0EPSS: 22%CPEs: 2EXPL: 0CVE-2009-1043
https://notcve.org/view.php?id=CVE-2009-1043
Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009. Una vulnerabilidad en Microsoft Internet Explorer 8 sobre Windows 7 permite a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos simplemente haciendo clic en un enlace, como se demostró Nils durante una competición PWN2OWN en CanSecWest 2009. • http://blogs.zdnet.com/security/?p=2934 http://cansecwest.com/index.html http://dvlabs.tippingpoint.com/blog/2009/02/25/pwn2own-2009 http://dvlabs.tippingpoint.com/blog/2009/03/18/pwn2own-2009-day-1---safari-internet-explorer-and-firefox-taken-down-by-four-zero-day-exploits http://dvlabs.tippingpoint.com/blog/2009/03/20/pwn2own-day-2 http://news.cnet.com/8301-1009_3-10199652-83.html http://osvdb.org/52892 http://www.h-online.com/security/Pwn2Own-2009-Safari-IE&# •
CVSS: 9.3EPSS: 97%CPEs: 13EXPL: 6CVE-2009-0075 – Microsoft Internet Explorer CFunctionPointer Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2009-0075
Microsoft Internet Explorer 7 does not properly handle errors during attempted access to deleted objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to CFunctionPointer and the appending of document objects, aka "Uninitialized Memory Corruption Vulnerability." Microsoft Internet Explorer 7 no maneja adecuadamente los errores durante un intento de acceso a los objetos eliminados, esto permite a atacantes remotos ejecutar código de su elección a través de un documento HTML manipulado; está relacionado con CFunctionPointer y la inclusión de objetos de documentos. También se conoce como "Vulnerabilidad de Corrupción de Memoria no Iniciada" This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the handling of document objects. When an object is appended and deleted in a specific order memory corruption occurs. • https://www.exploit-db.com/exploits/8077 https://www.exploit-db.com/exploits/8082 https://www.exploit-db.com/exploits/8079 https://www.exploit-db.com/exploits/16555 https://www.exploit-db.com/exploits/8080 https://www.exploit-db.com/exploits/8152 http://osvdb.org/51839 http://www.securityfocus.com/bid/33627 http://www.us-cert.gov/cas/techalerts/TA09-041A.html http://www.vupen.com/english/advisories/2009/0389 http://www.zerodayinitiative.com/advisories/ZDI-09 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 58%CPEs: 14EXPL: 4CVE-2009-0076 – Microsoft Internet Explorer Malformed CSS Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2009-0076
Microsoft Internet Explorer 7, when XHTML strict mode is used, allows remote attackers to execute arbitrary code via the zoom style directive in conjunction with unspecified other directives in a malformed Cascading Style Sheets (CSS) stylesheet in a crafted HTML document, aka "CSS Memory Corruption Vulnerability." Microsoft Internet Explorer 7, cuando usamos XHTML en modo estricto, permite a atacantes remotos ejecutar código de su elección a través de la directiva "zoom style" en conjunción con otras directivas no especificadas en una hoja de estilo en cascada (CSS)en un documento HTML manipulado, también conocido como "Vulnerabilidad de Corrupción de Memoria CSS". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists when processing, in XHTML strict mode, a CSS stylesheet containing a specific combination of style directives one of which must be a 'zoom'. The fault in processing results in a memory corruption vulnerability which can be leveraged to execute arbitrary code under the context of the current user. • https://www.exploit-db.com/exploits/8082 https://www.exploit-db.com/exploits/8079 https://www.exploit-db.com/exploits/8080 https://www.exploit-db.com/exploits/8152 http://www.us-cert.gov/cas/techalerts/TA09-041A.html http://www.vupen.com/english/advisories/2009/0389 http://www.zerodayinitiative.com/advisories/ZDI-09-012 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-002 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ov • CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 5%CPEs: 1EXPL: 1CVE-2009-0369 – Microsoft Internet Explorer 7 - Clickjacking
https://notcve.org/view.php?id=CVE-2009-0369
Microsoft Internet Explorer 7 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Clickjacking" vulnerability. Microsoft Internet Explorer 7 permite a los atacantes remotos engañar a los usuarios que visitan arbitrariamente una URL a través de una acción onclick que mueva un elemento manipulado a la posición actual del ratón, en relación a una vulnerabilidad "Clickjacking". • https://www.exploit-db.com/exploits/7912 https://exchange.xforce.ibmcloud.com/vulnerabilities/48542 •
CVSS: 9.3EPSS: 21%CPEs: 2EXPL: 1CVE-2009-0341 – Microsoft Internet Explorer 7 - HTML Form Value Denial of Service
https://notcve.org/view.php?id=CVE-2009-0341
The shell32 module in Microsoft Internet Explorer 7.0 on Windows XP SP3 might allow remote attackers to execute arbitrary code via a long VALUE attribute in an INPUT element, possibly related to a stack consumption vulnerability. El módulo shell32 en Microsoft Internet Explorer v7.0 en Windows XP SP3 permitiría a atacantes remotos ejecutar código a su elección a través de un atributo largo VALUE en un elemento INPUT, relacionado posiblemente con la vulnerabilidad de vaciado de pila. • https://www.exploit-db.com/exploits/32763 http://www.securityfocus.com/archive/1/500472/100/0/threaded http://www.securityfocus.com/bid/33494 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •