CVE-2009-1918 – Microsoft Internet Explorer getElementsByTagName Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2009-1918
Microsoft Internet Explorer 5.01 SP4 and 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle table operations, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption by adding malformed elements to an empty DIV element, related to the getElementsByTagName method, aka "HTML Objects Memory Corruption Vulnerability." Microsoft Internet Explorer v5.01 SP4 y v6 SP1; Internet Explorer 6 para Windows XP SP2 y SP3 y Server 2003 SP2; e Internet Explorer 7 y 8 for Windows XP SP2 y SP3, Server 2003 SP2, Vista Gold, SP1, y SP2, y Server 2008 Gold y SP2, no maneja adecuadamente las operaciones con tablas, lo que permite a atacantes remotos la ejecución de código de su elección a través de un documento HTML manipulado que provoca una corrupción de memoria. También conocida como "Vulnerabilidad de corrupción de Memoria en objetos HTML". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the appending of elements to an invalid object. • http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=953693 http://www.securityfocus.com/archive/1/505523/100/0/threaded http://www.securityfocus.com/bid/35826 http://www.securitytracker.com/id?1022611 http://www.us-cert.gov/cas/techalerts/TA09-195A.html http://www.vupen.com/english/advisories/2009/2033 http://www.zerodayinitiative.com/advisories/ZDI-09-047 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-034 https://oval.cisecurity.org/repositor • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2009-1919 – Microsoft Internet Explorer CSS Behavior Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2009-1919
Microsoft Internet Explorer 5.01 SP4 and 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle attempts to access deleted objects in memory, which allows remote attackers to execute arbitrary code via an HTML document containing embedded style sheets that modify unspecified rule properties that cause the behavior element to be "improperly processed," aka "Uninitialized Memory Corruption Vulnerability." Microsoft Internet Explorer v5.01 SP4 y v6 SP1; Internet Explorer 6 para Windows XP SP2 y SP3 y Server 2003 SP2; e Internet Explorer 7 y 8 for Windows XP SP2 y SP3, Server 2003 SP2, Vista Gold, SP1, y SP2, y Server 2008 Gold y SP2, no maneja adecuadamente los intentos para acceder a objetos eliminados en memoria, lo que permite a atacantes remotos la ejecución de código de su elección a través de un documento HTML manipulado que provoca una corrupción de memoria. También conocida como "Vulnerabilidad de corrupción de Memoria No Inicializada". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists when accessing embedded style sheets within an HTML file. • http://www.securityfocus.com/archive/1/505524/100/0/threaded http://www.securitytracker.com/id?1022611 http://www.us-cert.gov/cas/techalerts/TA09-195A.html http://www.vupen.com/english/advisories/2009/2033 http://www.zerodayinitiative.com/advisories/ZDI-09-048 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-034 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5660 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2009-2576
https://notcve.org/view.php?id=CVE-2009-2576
Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479. NOTE: it was later reported that 7.0.6000.16473 and earlier are also affected. Microsoft Internet Explorer v6.0.2900.2180 y anteriores permite a atacantes remotos causar una denegación de servicio (consumo de memoria y CPU) a través de un argumento de cadena de caracteres Unicode larga para el método de escritura, siendo un asunto relacionado con CVE-2009-2479. • http://archives.neohapsis.com/archives/bugtraq/2009-07/0192.html http://archives.neohapsis.com/archives/bugtraq/2009-07/0193.html http://websecurity.com.ua/3338 http://www.securityfocus.com/archive/1/505092/100/0/threaded http://www.securityfocus.com/archive/1/505120/100/0/threaded http://www.securityfocus.com/archive/1/505122/100/0/threaded • CWE-399: Resource Management Errors •
CVE-2009-2536
https://notcve.org/view.php?id=CVE-2009-2536
Microsoft Internet Explorer 5 through 8 allows remote attackers to cause a denial of service (memory consumption and application crash) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692. Microsoft Internet Explorer v5 hasta v8 permite a atacantes remotos provocar una denegación de servicio (consumo de memoria y colgado de la aplicación) mediante un valor entero grande en la propiedad "length" de un objeto "Select", siendo un asunto relacionado con CVE-2009-1692. • http://www.exploit-db.com/exploits/9160 http://www.g-sec.lu/one-bug-to-rule-them-all.html http://www.securityfocus.com/archive/1/504969/100/0/threaded http://www.securityfocus.com/archive/1/504988/100/0/threaded http://www.securityfocus.com/archive/1/504989/100/0/threaded http://www.securityfocus.com/archive/1/505006/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/52870 • CWE-399: Resource Management Errors •
CVE-2009-2064
https://notcve.org/view.php?id=CVE-2009-2064
Microsoft Internet Explorer 8, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages." Microsoft Internet Explorer 8, y posiblemente otras versiones, detecta contenido http en páginas web https solamente en marcos de alto nivel que usan https, lo que permite a los atacantes "hombre en el medio" ejecutar arbitrariamente una secuencia de comandos web, en un contexto de una página https, modificando una página http que incluya un iframe https que referencia a un archivo de secuencia de comandos en un sitio http, relativo a páginas "HTTP-Intended-but-HTTPS-Loadable (HPIHSL)". • http://research.microsoft.com/apps/pubs/default.aspx?id=79323 http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf http://www.securityfocus.com/bid/35403 https://exchange.xforce.ibmcloud.com/vulnerabilities/51186 • CWE-287: Improper Authentication •