CVSS: 9.3EPSS: 60%CPEs: 40EXPL: 0CVE-2009-0090
https://notcve.org/view.php?id=CVE-2009-0090
14 Oct 2009 — Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not properly validate .NET verifiable code, which allows remote attackers to obtain unintended access to stack memory, and execute arbitrary code, via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Pointer Verification Vulnerability." Microsoft .NET Framework v1.0 SP3, v1.1 SP1, y v2.0 SP1 no valida adecuadamente el código de .NET, lo que p... • http://www.us-cert.gov/cas/techalerts/TA09-286A.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 56%CPEs: 40EXPL: 0CVE-2009-0091
https://notcve.org/view.php?id=CVE-2009-0091
14 Oct 2009 — Microsoft .NET Framework 2.0, 2.0 SP1, and 3.5 does not properly enforce a certain type-equality constraint in .NET verifiable code, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Type Verification Vulnerability." Microsoft .NET Framework v2.0, v2.0 SP1, y v3.5 no cumple adecuadamente con la limitación de igualdad de tipos en un código .NET... • http://www.us-cert.gov/cas/techalerts/TA09-286A.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 54%CPEs: 61EXPL: 0CVE-2009-2503 – Microsoft Windows GDI+ TIFF Parsing Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2009-2503
13 Oct 2009 — GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and ... • http://www.us-cert.gov/cas/techalerts/TA09-286A.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 75%CPEs: 13EXPL: 1CVE-2009-1534 – Microsoft OWC Spreadsheet - HTMLURL Buffer Overflow (MS09-043)
https://notcve.org/view.php?id=CVE-2009-1534
12 Aug 2009 — Buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2000 Web Components SP3, Office XP Web Components SP3, BizTalk Server 2002, and Visual Studio .NET 2003 SP1 allows remote attackers to execute arbitrary code via crafted property values, aka "Office Web Components Buffer Overflow Vulnerability." Desbordamiento de búfer en Office Web Components ActiveX Control en Microsoft Office XP SP3, Office 2000 Web Components SP3, Office XP Web Components SP3, BizTalk Server ... • https://www.exploit-db.com/exploits/16542 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 52%CPEs: 7EXPL: 0CVE-2009-1536
https://notcve.org/view.php?id=CVE-2009-1536
12 Aug 2009 — ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attackers to cause a denial of service (daemon outage) via a series of crafted HTTP requests, aka "Remote Unauthenticated Denial of Service in ASP.NET Vulnerability." ASP.NET en Microsoft .NET Framework v2.0 SP1 y SP2 y v3.5 Gold y SP1, cuando ASP 2.0 es usado en modo integrado sobre IIS v7.0, no administra adecuadament... • http://blogs.technet.com/srd/archive/2009/08/11/ms09-035-asp-net-denial-of-service-vulnerability.aspx • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 61%CPEs: 13EXPL: 0CVE-2009-2496 – Microsoft Office OWC10.Spreadsheet ActiveX BorderAround() Heap Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2009-2496
11 Aug 2009 — Heap-based buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 SP1, and Office Small Business Accounting 2006 allows remote attackers to execute arbitrary code via unspecified parameters to unknown methods, aka "Office Web Components Heap Corruption Vulnerabili... • http://www.securitytracker.com/id?1022708 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.1EPSS: 42%CPEs: 8EXPL: 0CVE-2009-2495
https://notcve.org/view.php?id=CVE-2009-2495
29 Jul 2009 — The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination, which allows remote attackers to obtain sensitive information via a crafted HTML document with an ATL (1) component or (2) control that triggers a buffer over-read, related to ATL headers and buffer allocation, aka "ATL Null String Vulnerability." La Active Template Library (ATL) en Microsoft Visu... • http://marc.info/?l=bugtraq&m=126592505426855&w=2 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 66%CPEs: 8EXPL: 0CVE-2009-0901
https://notcve.org/view.php?id=CVE-2009-0901
29 Jul 2009 — The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClear calls on an uninitialized VARIANT, which allows remote attackers to execute arbitrary code via a malformed stream to an ATL (1) component or (2) control, related to ATL headers and error handling, aka "ATL Unin... • http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 64%CPEs: 10EXPL: 0CVE-2008-4252
https://notcve.org/view.php?id=CVE-2008-4252
10 Dec 2008 — The DataGrid ActiveX control in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "DataGrid Control Memory Corruption Vulnerability." El control ActiveX DataGrid de Microsoft Visual Basic 6.0 y Visual FoxPro 8.0 SP1, y 9.0 SP1 y SP2, no maneja adecuadamente los errores en ... • http://support.avaya.com/elmodocs2/security/ASA-2008-473.htm • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 64%CPEs: 10EXPL: 0CVE-2008-4253
https://notcve.org/view.php?id=CVE-2008-4253
10 Dec 2008 — The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, Office FrontPage 2002 SP3, and Office Project 2003 SP3 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "FlexGrid Control Memory Corruption Vulnerability." El control ActiveX FlexGrid en Microsoft Visual Basic v6.0, Visual FoxPro v8.0 SP1 y v... • http://support.avaya.com/elmodocs2/security/ASA-2008-473.htm • CWE-399: Resource Management Errors •