CVSS: 9.3EPSS: 79%CPEs: 31EXPL: 0CVE-2009-1917
https://notcve.org/view.php?id=CVE-2009-1917
Microsoft Internet Explorer 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle attempts to access deleted objects in memory, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Memory Corruption Vulnerability." Microsoft Internet Explorer v6 SP1; Internet Explorer 6 para Windows XP SP2 y SP3 y Server 2003 SP2; e Internet Explorer 7 y 8 for Windows XP SP2 y SP3, Server 2003 SP2, Vista Gold, SP1, y SP2, y Server 2008 Gold y SP2, no maneja adecuadamente los intentos de acceso a objetos eliminados de la memoria, lo que permite a atacantes remotos la ejecución de código de su elección a través de un documento HTML manipulado que provoca una corrupción de memoria. También conocida como "Vulnerabilidad de corrupción de Memoria en objetos HTML". • http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=953693 http://www.securityfocus.com/bid/35831 http://www.securitytracker.com/id?1022611 http://www.us-cert.gov/cas/techalerts/TA09-195A.html http://www.vupen.com/english/advisories/2009/2033 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-034 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6072 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 67%CPEs: 31EXPL: 0CVE-2009-1919 – Microsoft Internet Explorer CSS Behavior Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2009-1919
Microsoft Internet Explorer 5.01 SP4 and 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle attempts to access deleted objects in memory, which allows remote attackers to execute arbitrary code via an HTML document containing embedded style sheets that modify unspecified rule properties that cause the behavior element to be "improperly processed," aka "Uninitialized Memory Corruption Vulnerability." Microsoft Internet Explorer v5.01 SP4 y v6 SP1; Internet Explorer 6 para Windows XP SP2 y SP3 y Server 2003 SP2; e Internet Explorer 7 y 8 for Windows XP SP2 y SP3, Server 2003 SP2, Vista Gold, SP1, y SP2, y Server 2008 Gold y SP2, no maneja adecuadamente los intentos para acceder a objetos eliminados en memoria, lo que permite a atacantes remotos la ejecución de código de su elección a través de un documento HTML manipulado que provoca una corrupción de memoria. También conocida como "Vulnerabilidad de corrupción de Memoria No Inicializada". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists when accessing embedded style sheets within an HTML file. • http://www.securityfocus.com/archive/1/505524/100/0/threaded http://www.securitytracker.com/id?1022611 http://www.us-cert.gov/cas/techalerts/TA09-195A.html http://www.vupen.com/english/advisories/2009/2033 http://www.zerodayinitiative.com/advisories/ZDI-09-048 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-034 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5660 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.0EPSS: 2%CPEs: 127EXPL: 1CVE-2009-2576
https://notcve.org/view.php?id=CVE-2009-2576
Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479. NOTE: it was later reported that 7.0.6000.16473 and earlier are also affected. Microsoft Internet Explorer v6.0.2900.2180 y anteriores permite a atacantes remotos causar una denegación de servicio (consumo de memoria y CPU) a través de un argumento de cadena de caracteres Unicode larga para el método de escritura, siendo un asunto relacionado con CVE-2009-2479. • http://archives.neohapsis.com/archives/bugtraq/2009-07/0192.html http://archives.neohapsis.com/archives/bugtraq/2009-07/0193.html http://websecurity.com.ua/3338 http://www.securityfocus.com/archive/1/505092/100/0/threaded http://www.securityfocus.com/archive/1/505120/100/0/threaded http://www.securityfocus.com/archive/1/505122/100/0/threaded • CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 4%CPEs: 4EXPL: 2CVE-2009-2536
https://notcve.org/view.php?id=CVE-2009-2536
Microsoft Internet Explorer 5 through 8 allows remote attackers to cause a denial of service (memory consumption and application crash) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692. Microsoft Internet Explorer v5 hasta v8 permite a atacantes remotos provocar una denegación de servicio (consumo de memoria y colgado de la aplicación) mediante un valor entero grande en la propiedad "length" de un objeto "Select", siendo un asunto relacionado con CVE-2009-1692. • http://www.exploit-db.com/exploits/9160 http://www.g-sec.lu/one-bug-to-rule-them-all.html http://www.securityfocus.com/archive/1/504969/100/0/threaded http://www.securityfocus.com/archive/1/504988/100/0/threaded http://www.securityfocus.com/archive/1/504989/100/0/threaded http://www.securityfocus.com/archive/1/505006/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/52870 • CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 6%CPEs: 1EXPL: 3CVE-2009-2350 – Microsoft Internet Explorer 6 - 'JavaScript:' URI in 'Refresh' Header Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-2350
Microsoft Internet Explorer 6.0.2900.2180 and earlier does not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header, a related issue to CVE-2009-1312. Microsoft Internet Explorer v6.0.2900.2180 y anteriores no bloquean el código "javascript": URIs en cabeceras "Refresh" en respuestas HTTP, permitiendo a atacantes remotos llevar a cabo ataques de secuencias de comandos en sitios cruzados (XSS) utilizando vectores relacionados con (1) inyectar una cabecera "Refresh" o (2) especificar el contenido de una cabecera "Refresh". Vulnerabilidad relacionado con CVE-2009-1312. • https://www.exploit-db.com/exploits/33063 http://websecurity.com.ua/3275 http://websecurity.com.ua/3386 http://www.securityfocus.com/archive/1/504718/100/0/threaded http://www.securityfocus.com/archive/1/504723/100/0/threaded http://www.securityfocus.com/bid/35570 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •