Page 28 of 637 results (0.009 seconds)

CVSS: 7.8EPSS: 54%CPEs: 11EXPL: 0

CVE-2009-1139

https://notcve.org/view.php?id=CVE-2009-1139

Memory leak in the LDAP service in Active Directory on Microsoft Windows 2000 SP4 and Server 2003 SP2, and Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2, allows remote attackers to cause a denial of service (memory consumption and service outage) via (1) LDAP or (2) LDAPS requests with unspecified OID filters, aka "Active Directory Memory Leak Vulnerability." Fuga de memoria en el servicio LDAP en Active Directory en Microsoft Windows 2000 SP4 y Server 2003 SP2, y Active Directory Application Mode (ADAM) en Windows XP SP2 y SP3 y Server 2003 SP2, permite a atacantes remotos provocar una denegación de servicio (consumo de memoria y parada del servicio) a través de (1) LDAP o (2) peticiones LDAPS con filtros OID sin especificar, también conocido como "Vulnerabilidad de fuga de memoria en el Directorio Activo" • http://osvdb.org/54938 http://secunia.com/advisories/35355 http://support.avaya.com/elmodocs2/security/ASA-2009-214.htm http://www.securityfocus.com/bid/35225 http://www.securitytracker.com/id?1022349 http://www.us-cert.gov/cas/techalerts/TA09-160A.html http://www.vupen.com/english/advisories/2009/1537 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-018 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6253 • CWE-399: Resource Management Errors •

CVSS: 9.3EPSS: 93%CPEs: 46EXPL: 0

CVE-2009-1529 – Microsoft Internet Explorer setCapture Memory Corruption Vulnerability

https://notcve.org/view.php?id=CVE-2009-1529

Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by calling the setCapture method on a collection of crafted objects, aka "Uninitialized Memory Corruption Vulnerability." Microsoft Internet Explorer 7 para Windows XP SP2 y SP3; 7 para Server 2003 SP2; 7 para Vista Gold, SP1 y SP2; y 7 para Server 2008 SP2, no maneja apropiadamente los objetos en la memoria, lo que permite a los atacantes remotos ejecutar código arbitrario llamando al método setCapture en una colección de objetos creados, también se conoce como "Uninitialized Memory Corruption Vulnerability". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific vulnerability exists when calling the setCapture method on a range of objects. When setCapture is called on a collection of specially crafted objects memory becomes corrupted. • http://osvdb.org/54948 http://www.securityfocus.com/archive/1/504205/100/0/threaded http://www.securityfocus.com/bid/35223 http://www.securitytracker.com/id?1022350 http://www.us-cert.gov/cas/techalerts/TA09-160A.html http://www.vupen.com/english/advisories/2009/1538 http://www.zerodayinitiative.com/advisories/ZDI-09-036 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-019 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval • CWE-399: Resource Management Errors CWE-908: Use of Uninitialized Resource •

CVSS: 9.3EPSS: 92%CPEs: 46EXPL: 0

CVE-2009-1530 – Microsoft Internet Explorer Event Handler Memory Corruption Vulnerability

https://notcve.org/view.php?id=CVE-2009-1530

Use-after-free vulnerability in Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code by repeatedly adding HTML document nodes and calling event handlers, which triggers an access of an object that (1) was not properly initialized or (2) is deleted, aka "HTML Objects Memory Corruption Vulnerability." Vulnerabilidad de Uso de la Memoria Previamente Liberada en Microsoft Internet Explorer 7 para Windows XP SP2 y SP3; 7 para Server 2003 SP2; 7 para Vista Gold, SP1 y SP2; y 7 para Server 2008 SP2 permite a los atacantes remotos ejecutar código arbitrario mediante la adición repetida de nodos de documentos HTML y el llamado a los Controladores de Eventos, lo que desencadena un acceso de un objeto que (1) no se inicializó apropiadamente o (2) se elimina, también se conoce como "HTML Objects Memory Corruption Vulnerability". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists when repeatedly calling event handlers after adding nodes of an HTML document. When a specially crafted webpage is repeatedly rendered, memory is improperly reused after it has been freed. • http://osvdb.org/54949 http://www.securityfocus.com/archive/1/504209/100/0/threaded http://www.securitytracker.com/id?1022350 http://www.us-cert.gov/cas/techalerts/TA09-160A.html http://www.vupen.com/english/advisories/2009/1538 http://www.zerodayinitiative.com/advisories/ZDI-09-038 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-019 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6294 • CWE-399: Resource Management Errors •

CVSS: 9.3EPSS: 66%CPEs: 22EXPL: 0

CVE-2009-1537

https://notcve.org/view.php?id=CVE-2009-1537

Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted QuickTime media file, as exploited in the wild in May 2009, aka "DirectX NULL Byte Overwrite Vulnerability." Vulnerailidad sin especificar en el filtro QuickTime Movie Parser en quartz.dll en DirectShow en Microsoft DirectX v7.0 hasta v9.0c en Windows 2000 SP4, Windows XP SP2 y SP3, y Windows Server 2003 SP2 permite a atacantes remotos ejecutar código de su elección a través de un fichero multimedia QuickTime manipulado, como se ha explotado libremente en Mayo de 2009. • http://blogs.technet.com/msrc/archive/2009/05/28/microsoft-security-advisory-971778-vulnerability-in-microsoft-directshow-released.aspx http://blogs.technet.com/srd/archive/2009/05/28/new-vulnerability-in-quicktime-parsing.aspx http://isc.sans.org/diary.html?storyid=6481 http://osvdb.org/54797 http://secunia.com/advisories/35268 http://www.microsoft.com/technet/security/advisory/971778.mspx http://www.securityfocus.com/bid/35139 http://www.securitytracker.com/id?1022299 http://www.us •

CVSS: 9.3EPSS: 90%CPEs: 28EXPL: 0

CVE-2009-0551

https://notcve.org/view.php?id=CVE-2009-0551

Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 does not properly handle transition errors in a request for one HTTP document followed by a request for a second HTTP document, which allows remote attackers to execute arbitrary code via vectors involving (1) multiple crafted pages on a web site or (2) a web page with crafted inline content such as banner advertisements, aka "Page Transition Memory Corruption Vulnerability." Microsoft Internet Explorer v6 SP1, v6 y v7 en Windows XP SP2 y SP3, v6 y v7 en Windows Server 2003 SP1 y SP2, v7 en Windows Vista Gold y SP1, y v7 en Windows Server 2008 no maneja adecuadamente errores de transición en una petición a un documento HTTP seguido de una petición a un segundo documento HTTP, lo que permite a atacantes remotos ejecutar código de su elección a través de vectores relacionados (1) múltiples páginas manipuladas en un sitio Web (2) una página Web con líneas de contenido manipulado como publicidad en forma de banner, también conocido como "Vulnerabilidad de Corrupción de Memoria en transición de página". • http://osvdb.org/53624 http://secunia.com/advisories/34678 http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=871138 http://www.securitytracker.com/id?1022042 http://www.us-cert.gov/cas/techalerts/TA09-104A.html http://www.vupen.com/english/advisories/2009/1028 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-014 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre • CWE-399: Resource Management Errors •