CVSS: 9.3EPSS: 75%CPEs: 41EXPL: 0CVE-2009-2530 – Microsoft Internet Explorer Event Object Type Double-Free Vulnerability
https://notcve.org/view.php?id=CVE-2009-2530
13 Oct 2009 — Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-2531. Microsoft Internet Explorer v6, v6 SP1, v7, y v8 no gestiona adecuadamente los objetos en memoria, lo que permite a atacantes remotos ejecutar código arbitr... • http://www.us-cert.gov/cas/techalerts/TA09-286A.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 75%CPEs: 41EXPL: 0CVE-2009-2531 – Microsoft Internet Explorer writing-mode Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2009-2531
13 Oct 2009 — Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-2530. Microsoft Internet Explorer v6, v6 SP1, v7, y v8, no maneja adecuadamente objetos en memoria lo que permite a atacantes remotos ejecutar codigo arbitrario m... • http://www.us-cert.gov/cas/techalerts/TA09-286A.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 2%CPEs: 1EXPL: 1CVE-2009-3270 – Multiple Browsers - 'window.print()' Denial of Service
https://notcve.org/view.php?id=CVE-2009-3270
18 Sep 2009 — Microsoft Internet Explorer 7 through 7.0.6000.16711 allows remote attackers to cause a denial of service (unusable browser) by calling the window.print function in a loop, aka a "printing DoS attack," possibly a related issue to CVE-2009-0821. Microsoft Internet Explorer 7 desde 7.0.6000.16711 permite a atacantes remotos producir una denegación de servicio (navegador inutilizable) mediante una llamada en bucle a la función window.print, también conocido como "ataque DoS de impresión", posiblemente relacion... • https://www.exploit-db.com/exploits/12509 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2009-3267
https://notcve.org/view.php?id=CVE-2009-3267
18 Sep 2009 — Microsoft Internet Explorer 6 through 6.0.2900.2180, and 7.0.6000.16711, allows remote attackers to cause a denial of service (CPU consumption) via an automatically submitted form containing a KEYGEN element, a related issue to CVE-2009-1828. Microsoft Internet Explorer v6 desde v6.0.2900.2180, y v7.0.6000.16711, permite a atacantes remotos producir una denegación de servicio (consumo de CPU) a través de un envío automático de un formulario que contenga un elemento generador de claves, una vulnerabilidad re... • http://websecurity.com.ua/3194 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 4.3EPSS: 1%CPEs: 3EXPL: 0CVE-2009-3003
https://notcve.org/view.php?id=CVE-2009-3003
28 Aug 2009 — Microsoft Internet Explorer 6 through 8 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page. Microsoft Internet Explorer v6 a v8 permiten falsificar la barra de direcciones a atacantes remotos, a través de window.open con una URI relativa, que muestre una dirección URL arbitraria... • http://lostmon.blogspot.com/2009/08/multiple-browsers-fake-url-folder-file.html •
CVSS: 6.5EPSS: 2%CPEs: 3EXPL: 2CVE-2009-2655 – Microsoft Internet Explorer 7/8 - findText Unicode Parsing Crash
https://notcve.org/view.php?id=CVE-2009-2655
03 Aug 2009 — mshtml.dll in Microsoft Internet Explorer 7 and 8 on Windows XP SP3 allows remote attackers to cause a denial of service (application crash) by calling the JavaScript findText method with a crafted Unicode string in the first argument, and only one additional argument, as demonstrated by a second argument of -1. mshtml.dll en Microsoft Internet Explorer v7 y v8 en Windows XP SP3 permite a atacantes remotos provocar una denegación de servicio (finalización de la aplicación) al llamar el método "findText" de ... • https://www.exploit-db.com/exploits/9253 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 88%CPEs: 31EXPL: 0CVE-2009-1917
https://notcve.org/view.php?id=CVE-2009-1917
29 Jul 2009 — Microsoft Internet Explorer 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle attempts to access deleted objects in memory, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Memory Corruption Vulnerability." Microsoft Internet Explorer v6 SP1; Internet Explorer ... • http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=953693 • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 95%CPEs: 31EXPL: 0CVE-2009-1918 – Microsoft Internet Explorer getElementsByTagName Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2009-1918
29 Jul 2009 — Microsoft Internet Explorer 5.01 SP4 and 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle table operations, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption by adding malformed elements to an empty DIV element, related to the getElementsByTagName method, aka "HTML O... • http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=953693 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 61%CPEs: 31EXPL: 0CVE-2009-1919 – Microsoft Internet Explorer CSS Behavior Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2009-1919
29 Jul 2009 — Microsoft Internet Explorer 5.01 SP4 and 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle attempts to access deleted objects in memory, which allows remote attackers to execute arbitrary code via an HTML document containing embedded style sheets that modify unspecified rule properties that cause the behavior element to be "improper... • http://www.securityfocus.com/archive/1/505524/100/0/threaded • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 4%CPEs: 4EXPL: 2CVE-2009-2536
https://notcve.org/view.php?id=CVE-2009-2536
20 Jul 2009 — Microsoft Internet Explorer 5 through 8 allows remote attackers to cause a denial of service (memory consumption and application crash) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692. Microsoft Internet Explorer v5 hasta v8 permite a atacantes remotos provocar una denegación de servicio (consumo de memoria y colgado de la aplicación) mediante un valor entero grande en la propiedad "length" de un objeto "Select", siendo un asunto relacionado con CVE-200... • http://www.exploit-db.com/exploits/9160 • CWE-399: Resource Management Errors •