CVSS: 9.3EPSS: 57%CPEs: 46EXPL: 0CVE-2009-1529 – Microsoft Internet Explorer setCapture Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2009-1529
10 Jun 2009 — Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by calling the setCapture method on a collection of crafted objects, aka "Uninitialized Memory Corruption Vulnerability." Microsoft Internet Explorer 7 para Windows XP SP2 y SP3; 7 para Server 2003 SP2; 7 para Vista Gold, SP1 y SP2; y 7 para Server 2008 SP2, no maneja apro... • http://osvdb.org/54948 • CWE-399: Resource Management Errors CWE-908: Use of Uninitialized Resource •
CVSS: 9.3EPSS: 67%CPEs: 46EXPL: 0CVE-2009-1530 – Microsoft Internet Explorer Event Handler Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2009-1530
10 Jun 2009 — Use-after-free vulnerability in Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code by repeatedly adding HTML document nodes and calling event handlers, which triggers an access of an object that (1) was not properly initialized or (2) is deleted, aka "HTML Objects Memory Corruption Vulnerability." Vulnerabilidad de Uso de la Memoria Previamente Liberada en Microsoft Inter... • http://osvdb.org/54949 • CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 65%CPEs: 17EXPL: 1CVE-2008-4029 – Microsoft XML Core Services DTD - Cross-Domain Scripting (MS08-069)
https://notcve.org/view.php?id=CVE-2008-4029
12 Nov 2008 — Cross-domain vulnerability in Microsoft XML Core Services 3.0 and 4.0, as used in Internet Explorer, allows remote attackers to obtain sensitive information from another domain via a crafted XML document, related to improper error checks for external DTDs, aka "MSXML DTD Cross-Domain Scripting Vulnerability." Vulnerabilidad de dominios cruzados en Microsoft XML Core Services v3.0 y v4.0, como lo utilizado en Internet Explorer, permite a atacantes remotos obtener información sensible de otro dominio a través... • https://www.exploit-db.com/exploits/7196 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 8%CPEs: 1EXPL: 1CVE-2008-4323 – Microsoft Windows Explorer - '.zip' Denial of Service
https://notcve.org/view.php?id=CVE-2008-4323
29 Sep 2008 — Windows Explorer in Microsoft Windows XP SP3 allows user-assisted attackers to cause a denial of service (application crash) via a crafted .ZIP file. El navegador Windows Explorer en Microsoft Windows XP SP3 permite a atacantes remotos con la intervención del usuario provocar una denegación de servicio (finalización de la aplicación) mediante un fichero .ZIP manipulado. • https://www.exploit-db.com/exploits/6616 •
CVSS: 9.3EPSS: 63%CPEs: 9EXPL: 0CVE-2008-1092
https://notcve.org/view.php?id=CVE-2008-1092
25 Mar 2008 — Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft Jet Database Engine allows remote attackers to execute arbitrary code via a crafted Word file, as exploited in the wild in March 2008. NOTE: as of 20080513, Microsoft has stated that this is the same issue as CVE-2007-6026. Un desbordamiento de búfer en la biblioteca msjet40.dll anterior a la versión 4.0.9505.0 en el Motor de Base de datos de Microsoft Jet permite a los atacantes remotos ejecutar código arbitrario por medio de un archivo de Word ... • http://marc.info/?l=bugtraq&m=121129490723574&w=2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 0CVE-2006-7039
https://notcve.org/view.php?id=CVE-2006-7039
23 Feb 2007 — The IMAP4 service in MERCUR Messaging 2005 before Service Pack 4 allows remote attackers to cause a denial of service (crash) via a message with a long subject field. El servicio IMAP4 en MERCUR Messaging 2005 anterior a Service Pack 4 permite a atacantes remotos provocar denegación de servicio (caida) a través de un mensaje con un campo subject. • http://secunia.com/advisories/20432 •
CVSS: 9.3EPSS: 71%CPEs: 45EXPL: 3CVE-2006-0005 – Microsoft Windows Media Player - Plugin Overflow (MS06-006)
https://notcve.org/view.php?id=CVE-2006-0005
14 Feb 2006 — Buffer overflow in the plug-in for Microsoft Windows Media Player (WMP) 9 and 10, when used in browsers other than Internet Explorer and set as the default application to handle media files, allows remote attackers to execute arbitrary code via HTML with an EMBED element containing a long src attribute. • https://www.exploit-db.com/exploits/1520 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •