CVE-2009-2519
https://notcve.org/view.php?id=CVE-2009-2519
The DHTML Editing Component ActiveX control in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly format HTML markup, which allows remote attackers to execute arbitrary code via a crafted web site that triggers "system state" corruption, aka "DHTML Editing Component ActiveX Control Vulnerability."
• http://secunia.com/advisories/36592
• http://www.securityfocus.com/bid/36280
• http://www.securitytracker.com/id?1022843
• http://www.us-cert.gov/cas/techalerts/TA09-251A.html
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-046
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6271
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2009-1926
https://notcve.org/view.php?id=CVE-2009-1926
Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to cause a denial of service (TCP outage) via a series of TCP sessions that have pending data and a (1) small or (2) zero receive window size, and remain in the FIN-WAIT-1 or FIN-WAIT-2 state indefinitely, aka "TCP/IP Orphaned Connections Vulnerability."
• http://osvdb.org/57797
• http://www.recurity-labs.com/content/pub/Microsoft_Windows_CVE-2009-1926
• http://www.securityfocus.com/archive/1/506331/100/0/threaded
• http://www.securityfocus.com/bid/36269
• http://www.us-cert.gov/cas/techalerts/TA09-251A.html
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-048
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5965

CVE-2009-1920 – Microsoft Internet Explorer JScript arguments Invocation Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2009-1920
The JScript scripting engine 5.1, 5.6, 5.7, and 5.8 in JScript.dll in Microsoft Windows, as used in Internet Explorer, does not properly load decoded scripts into memory before execution, which allows remote attackers to execute arbitrary code via a crafted web site that triggers memory corruption, aka "JScript Remote Code Execution Vulnerability."
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists when parsing the jscript keyword "arguments". Because the arguments object is not available until a certain time, invoking it can result in memory corruption.
• http://www.us-cert.gov/cas/techalerts/TA09-251A.html
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-045
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6316
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2009-3023 – Microsoft IIS 5.0 FTP Server (Windows 2000 SP4) - Remote Stack Overflow
https://notcve.org/view.php?id=CVE-2009-3023
Buffer overflow in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 6.0 allows remote authenticated users to execute arbitrary code via a crafted NLST (NAME LIST) command that uses wildcards, leading to memory corruption, aka "IIS FTP Service RCE and DoS Vulnerability."
• https://www.exploit-db.com/exploits/9559
• https://www.exploit-db.com/exploits/9541
• https://www.exploit-db.com/exploits/16740
• http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ975191
• http://www.exploit-db.com/exploits/9541
• http://www.exploit-db.com/exploits/9559
• http://www.kb.cert.org/vuls/id/276653
• http://www.securityfocus.com/bid/36189
• http://www.us-cert.gov/cas/techalerts/TA09-286A.html
• http://www.vupen.com/english/advisories/2009/2481
• https&
• CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2009-1930
https://notcve.org/view.php?id=CVE-2009-1930
The Telnet service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote Telnet servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, aka "Telnet Credential Reflection Vulnerability," a related issue to CVE-2000-0834.
• http://osvdb.org/56904
• http://secunia.com/advisories/36222
• http://securitytracker.com/id?1022716
• http://www.securityfocus.com/bid/35993
• http://www.us-cert.gov/cas/techalerts/TA09-223A.html
• http://www.vupen.com/english/advisories/2009/2237
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-042
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6302
• CWE-255: Credentials Management Errors