CVSS: 9.3EPSS: 37%CPEs: 61EXPL: 0CVE-2009-2503 – Microsoft Windows GDI+ TIFF Parsing Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2009-2503
13 Oct 2009 — GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and ... • http://www.us-cert.gov/cas/techalerts/TA09-286A.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 75%CPEs: 41EXPL: 0CVE-2009-2530 – Microsoft Internet Explorer Event Object Type Double-Free Vulnerability
https://notcve.org/view.php?id=CVE-2009-2530
13 Oct 2009 — Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-2531. Microsoft Internet Explorer v6, v6 SP1, v7, y v8 no gestiona adecuadamente los objetos en memoria, lo que permite a atacantes remotos ejecutar código arbitr... • http://www.us-cert.gov/cas/techalerts/TA09-286A.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 75%CPEs: 41EXPL: 0CVE-2009-2531 – Microsoft Internet Explorer writing-mode Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2009-2531
13 Oct 2009 — Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-2530. Microsoft Internet Explorer v6, v6 SP1, v7, y v8, no maneja adecuadamente objetos en memoria lo que permite a atacantes remotos ejecutar codigo arbitrario m... • http://www.us-cert.gov/cas/techalerts/TA09-286A.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 2%CPEs: 1EXPL: 1CVE-2009-3270 – Multiple Browsers - 'window.print()' Denial of Service
https://notcve.org/view.php?id=CVE-2009-3270
18 Sep 2009 — Microsoft Internet Explorer 7 through 7.0.6000.16711 allows remote attackers to cause a denial of service (unusable browser) by calling the window.print function in a loop, aka a "printing DoS attack," possibly a related issue to CVE-2009-0821. Microsoft Internet Explorer 7 desde 7.0.6000.16711 permite a atacantes remotos producir una denegación de servicio (navegador inutilizable) mediante una llamada en bucle a la función window.print, también conocido como "ataque DoS de impresión", posiblemente relacion... • https://www.exploit-db.com/exploits/12509 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2009-3267
https://notcve.org/view.php?id=CVE-2009-3267
18 Sep 2009 — Microsoft Internet Explorer 6 through 6.0.2900.2180, and 7.0.6000.16711, allows remote attackers to cause a denial of service (CPU consumption) via an automatically submitted form containing a KEYGEN element, a related issue to CVE-2009-1828. Microsoft Internet Explorer v6 desde v6.0.2900.2180, y v7.0.6000.16711, permite a atacantes remotos producir una denegación de servicio (consumo de CPU) a través de un envío automático de un formulario que contenga un elemento generador de claves, una vulnerabilidad re... • http://websecurity.com.ua/3194 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 46%CPEs: 5EXPL: 2CVE-2009-3019 – Microsoft Internet Explorer - JavaScript SetAttribute Remote Crash
https://notcve.org/view.php?id=CVE-2009-3019
31 Aug 2009 — Microsoft Internet Explorer 6 on Windows XP SP2 and SP3, and Internet Explorer 7 on Vista, allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls createElement to create an instance of the LI element, and then calls setAttribute to set the value attribute. Microsoft Internet Explorer 6 en Windows XP SP2 y SP3, e Internet Explorer 7 en Vista, permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de código Javascript que... • https://www.exploit-db.com/exploits/9455 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.3EPSS: 1%CPEs: 3EXPL: 0CVE-2009-3003
https://notcve.org/view.php?id=CVE-2009-3003
28 Aug 2009 — Microsoft Internet Explorer 6 through 8 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page. Microsoft Internet Explorer v6 a v8 permiten falsificar la barra de direcciones a atacantes remotos, a través de window.open con una URI relativa, que muestre una dirección URL arbitraria... • http://lostmon.blogspot.com/2009/08/multiple-browsers-fake-url-folder-file.html •
CVSS: 7.5EPSS: 0%CPEs: 76EXPL: 0CVE-2009-2954
https://notcve.org/view.php?id=CVE-2009-2954
24 Aug 2009 — Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service (CPU consumption and application hang) via JavaScript code with a long string value for the hash property (aka location.hash), a related issue to CVE-2008-5715. Microsoft Internet Explorer v6.0.2900.2180 y anteriores, permite a atacantes remotos provocar una denegación de servicio (consumo de CPU o cuelgue de aplicación) a través de código JavaScript con un valor de cadena larga para la propiedad "hash... • http://websecurity.com.ua/3424 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2009-2668
https://notcve.org/view.php?id=CVE-2009-2668
05 Aug 2009 — Microsoft Internet Explorer 6 through 6.0.2900.2180 and 7 through 7.0.6000.16473 allows remote attackers to cause a denial of service (CPU consumption) via an XML document composed of a long series of start-tags with no corresponding end-tags, a related issue to CVE-2009-1232. Microsoft Internet Explorer v6 hasta v6.0.2900.2180 y v7 hasta v7.0.6000.16473, permite a atacantes remotos causar una denegación de servicio (consumo CPU) a través de un documento XML compuesto de una serie larga de start-targs que n... • http://archives.neohapsis.com/archives/bugtraq/2009-07/0193.html • CWE-399: Resource Management Errors •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2008-6893
https://notcve.org/view.php?id=CVE-2008-6893
03 Aug 2009 — Cross-site scripting (XSS) vulnerability in Alt-N MDaemon WorldClient 10.0.2, when Internet Explorer 7 is used, allows remote attackers to inject arbitrary web script or HTML via a crafted img tag. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Alt-N MDaemon WorldClient v10.0.2, al utilizar Internet Explorer 7, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante una etiqueta "img" modificada. • http://files.altn.com/MDaemon/Release/RelNotes_en.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •