CVE-2009-1528 – Microsoft Internet Explorer Concurrent Ajax Request Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2009-1528
Microsoft Internet Explorer 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not properly synchronize AJAX requests, which allows allows remote attackers to execute arbitrary code via a large number of concurrent, asynchronous XMLHttpRequest calls, aka "HTML Object Memory Corruption Vulnerability." Microsoft Internet Explorer versiones 6 y 7 para Windows XP SP2 y SP3; 6 y 7 para el servidor 2003 SP2; 7 para Vista Gold, SP1 y SP2; y 7 para Server 2008 SP2, no sincroniza apropiadamente las peticiones AJAX, lo que permite a los atacantes remotos ejecutar código arbitrario mediante un gran número de llamadas simultáneas, asincrónicas XMLHttpRequest, también se conoce como "HTML Object Memory Corruption Vulnerability." This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific vulnerability exist due to improper AJAX request synchronization in Internet Explorer. When many asynchronous XMLHttpRequest are running concurrently memory corruption can occur that could be remotely exploited by a malicious attacker. • http://osvdb.org/54947 http://www.securityfocus.com/archive/1/504206/100/0/threaded http://www.securityfocus.com/bid/35222 http://www.securitytracker.com/id?1022350 http://www.us-cert.gov/cas/techalerts/TA09-160A.html http://www.vupen.com/english/advisories/2009/1538 http://www.zerodayinitiative.com/advisories/ZDI-09-037 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-019 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval • CWE-399: Resource Management Errors •
CVE-2009-1529 – Microsoft Internet Explorer setCapture Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2009-1529
Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by calling the setCapture method on a collection of crafted objects, aka "Uninitialized Memory Corruption Vulnerability." Microsoft Internet Explorer 7 para Windows XP SP2 y SP3; 7 para Server 2003 SP2; 7 para Vista Gold, SP1 y SP2; y 7 para Server 2008 SP2, no maneja apropiadamente los objetos en la memoria, lo que permite a los atacantes remotos ejecutar código arbitrario llamando al método setCapture en una colección de objetos creados, también se conoce como "Uninitialized Memory Corruption Vulnerability". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific vulnerability exists when calling the setCapture method on a range of objects. When setCapture is called on a collection of specially crafted objects memory becomes corrupted. • http://osvdb.org/54948 http://www.securityfocus.com/archive/1/504205/100/0/threaded http://www.securityfocus.com/bid/35223 http://www.securitytracker.com/id?1022350 http://www.us-cert.gov/cas/techalerts/TA09-160A.html http://www.vupen.com/english/advisories/2009/1538 http://www.zerodayinitiative.com/advisories/ZDI-09-036 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-019 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval • CWE-399: Resource Management Errors CWE-908: Use of Uninitialized Resource •
CVE-2009-1530 – Microsoft Internet Explorer Event Handler Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2009-1530
Use-after-free vulnerability in Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code by repeatedly adding HTML document nodes and calling event handlers, which triggers an access of an object that (1) was not properly initialized or (2) is deleted, aka "HTML Objects Memory Corruption Vulnerability." Vulnerabilidad de Uso de la Memoria Previamente Liberada en Microsoft Internet Explorer 7 para Windows XP SP2 y SP3; 7 para Server 2003 SP2; 7 para Vista Gold, SP1 y SP2; y 7 para Server 2008 SP2 permite a los atacantes remotos ejecutar código arbitrario mediante la adición repetida de nodos de documentos HTML y el llamado a los Controladores de Eventos, lo que desencadena un acceso de un objeto que (1) no se inicializó apropiadamente o (2) se elimina, también se conoce como "HTML Objects Memory Corruption Vulnerability". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists when repeatedly calling event handlers after adding nodes of an HTML document. When a specially crafted webpage is repeatedly rendered, memory is improperly reused after it has been freed. • http://osvdb.org/54949 http://www.securityfocus.com/archive/1/504209/100/0/threaded http://www.securitytracker.com/id?1022350 http://www.us-cert.gov/cas/techalerts/TA09-160A.html http://www.vupen.com/english/advisories/2009/1538 http://www.zerodayinitiative.com/advisories/ZDI-09-038 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-019 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6294 • CWE-399: Resource Management Errors •
CVE-2009-0551
https://notcve.org/view.php?id=CVE-2009-0551
Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 does not properly handle transition errors in a request for one HTTP document followed by a request for a second HTTP document, which allows remote attackers to execute arbitrary code via vectors involving (1) multiple crafted pages on a web site or (2) a web page with crafted inline content such as banner advertisements, aka "Page Transition Memory Corruption Vulnerability." Microsoft Internet Explorer v6 SP1, v6 y v7 en Windows XP SP2 y SP3, v6 y v7 en Windows Server 2003 SP1 y SP2, v7 en Windows Vista Gold y SP1, y v7 en Windows Server 2008 no maneja adecuadamente errores de transición en una petición a un documento HTTP seguido de una petición a un segundo documento HTTP, lo que permite a atacantes remotos ejecutar código de su elección a través de vectores relacionados (1) múltiples páginas manipuladas en un sitio Web (2) una página Web con líneas de contenido manipulado como publicidad en forma de banner, también conocido como "Vulnerabilidad de Corrupción de Memoria en transición de página". • http://osvdb.org/53624 http://secunia.com/advisories/34678 http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=871138 http://www.securitytracker.com/id?1022042 http://www.us-cert.gov/cas/techalerts/TA09-104A.html http://www.vupen.com/english/advisories/2009/1028 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-014 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre • CWE-399: Resource Management Errors •
CVE-2009-0550
https://notcve.org/view.php?id=CVE-2009-0550
Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008; allows remote web servers to capture and replay NTLM credentials, and execute arbitrary code, via vectors related to absence of a "credential-reflection protections" opt-in step, aka "Windows HTTP Services Credential Reflection Vulnerability" and "WinINet Credential Reflection Vulnerability." Windows HTTP Services (también conocido como WinHTTP) en Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP1 y SP2, Vista Gold y SP1, y Server 2008; y WinINet en Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 y 7 en Windows XP SP2 y SP3, 6 y 7 en Windows Server 2003 SP1 y SP2, 7 en Windows Vista Gold y SP1, y 7 en Windows Server 2008; permite a servidores web remotos capturar y reproducir credenciales NTLM, y ejecutar código de su elección, a través de vectores relacionados con la falta de "protecciones credencial-reflexión" paso opt-in, también conocido como "Vulnerabilidad de Reflexión de Credencial en Servicios HTTP de Windows" y "Vulnerablidad de Reflexión de Credencial WinINet". • http://blogs.technet.com/srd/archive/2009/04/14/ntlm-credential-reflection-updates-for-http-clients.aspx http://osvdb.org/53619 http://secunia.com/advisories/34677 http://secunia.com/advisories/34678 http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=871138 http://www.securityfocus.com/bid/34439 http://www.securitytracker.com/id?1022041 http://www.us-cert.gov/cas/techalerts/TA09-104A.html http://www.vup •