CVE-2009-3737
https://notcve.org/view.php?id=CVE-2009-3737
The Oracle Siebel Option Pack for IE ActiveX control does not properly initialize memory that is used by the NewBusObj method, which allows remote attackers to execute arbitrary code via a crafted HTML document. El control ActiveX Oracle Siebel Option Pack para IE no inicializa adecuadamente la memoria que usa el método NewBusObj, lo cual permite a atacantes remotos ejecutar código a su elección a través de documentos HTML manipulados. • http://secunia.com/advisories/40804 http://www.kb.cert.org/vuls/id/174089 http://www.osvdb.org/66926 http://www.vupen.com/english/advisories/2010/2028 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2010-2118
https://notcve.org/view.php?id=CVE-2010-2118
Microsoft Internet Explorer 6.0.2900.2180 and 8.0.7600.16385 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid news:// URIs. Vulnerabilidad en Microsoft Internet Explorer v6.0.2900.2180 y v8.0.7600.16385 permite a atacantes remotos provocar una denegación de servicio (agotamiento de recursos) a través de código JavaScript que contenga un bucle infinito que crea elementos IFRAME a URIs de tipo news:// • http://websecurity.com.ua/4238 http://www.securityfocus.com/archive/1/511509/100/0/threaded • CWE-399: Resource Management Errors •
CVE-2010-1991
https://notcve.org/view.php?id=CVE-2010-1991
Microsoft Internet Explorer 6.0.2900.2180, 7, and 8.0.7600.16385 executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many IFRAME elements. Microsoft Internet Explorer v6.0.2900.2180, v7 y v8.0.7600.16385 ejecuta una aplicación mail en situaciones dónde un elemento IFRAME tiene un mailto: URL en su atributo SRC lo que permite a atacantes remotos provocar una denegación del servicio (lanzamiento de demasiadas aplicaciones) a través de un documento HTML con varios elementos IFRAME • http://websecurity.com.ua/4206 http://www.securityfocus.com/archive/1/511327/100/0/threaded • CWE-399: Resource Management Errors •
CVE-2009-2576
https://notcve.org/view.php?id=CVE-2009-2576
Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479. NOTE: it was later reported that 7.0.6000.16473 and earlier are also affected. Microsoft Internet Explorer v6.0.2900.2180 y anteriores permite a atacantes remotos causar una denegación de servicio (consumo de memoria y CPU) a través de un argumento de cadena de caracteres Unicode larga para el método de escritura, siendo un asunto relacionado con CVE-2009-2479. • http://archives.neohapsis.com/archives/bugtraq/2009-07/0192.html http://archives.neohapsis.com/archives/bugtraq/2009-07/0193.html http://websecurity.com.ua/3338 http://www.securityfocus.com/archive/1/505092/100/0/threaded http://www.securityfocus.com/archive/1/505120/100/0/threaded http://www.securityfocus.com/archive/1/505122/100/0/threaded • CWE-399: Resource Management Errors •
CVE-2009-2433 – Microsoft Internet Explorer - 'AddFavorite' Remote Crash (PoC)
https://notcve.org/view.php?id=CVE-2009-2433
Stack-based buffer overflow in the AddFavorite method in Microsoft Internet Explorer allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a long URL in the first argument. Desbordamiento de búfer basado en pila en el método AddFavorite en Microsoft Internet Explorer permite a atacantes remotos provocar una denegación de servicio (cuelgue de aplicación) y posiblemente tiene otro impacto no especificado a través de una URL larga en el primer argumento. • https://www.exploit-db.com/exploits/9100 http://www.exploit-db.com/exploits/9100 http://www.securityfocus.com/bid/35620 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12829 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •