CVSS: 9.3EPSS: 81%CPEs: 37EXPL: 0CVE-2009-3671 – Microsoft Internet Explorer XHTML DOM Manipulation Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2009-3671
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3674. Microsoft Internet Explorer no maneja adecuadamente objetos en memoria, lo que permite a atacantes remotos ejecutar código de su elección accediendo a un objeto que (1) no fue inicializado adecuadamente o (2) es borrado, provocando una corrupción de memoria, conocido como "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3674. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required in that a user must visit a malicious web page. The specific flaw exists in the manipulation and parsing of certain HTML tags. The ordering of various objects in a malformed way results in memory corruption resulting in a call to a dangling pointer which can be further leveraged via a heap spray. • http://www.securitytracker.com/id?1023293 http://www.us-cert.gov/cas/techalerts/TA09-342A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-072 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6382 • CWE-399: Resource Management Errors •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0CVE-2009-4073
https://notcve.org/view.php?id=CVE-2009-4073
The printing functionality in Microsoft Internet Explorer 8 allows remote attackers to discover a local pathname, and possibly a local username, by reading the dc:title element of a PDF document that was generated from a local web page. La funcionalidad de impresión en Microsoft Internet Explorer 8 permite a atacantes remotos descubrir un nombre de archivo y probablemente descubrir un usuario local, por la lectura del dc: pequeño elemento de un documento PDF que fue generado desde una página web local. • http://osvdb.org/60504 http://secunia.com/advisories/37362 http://securethoughts.com/2009/11/millions-of-pdf-invisibly-embedded-with-your-internal-disk-paths http://www.securityfocus.com/archive/1/508010/100/0/threaded http://www.theregister.co.uk/2009/11/23/internet_explorer_file_disclosure_bug https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12355 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 1CVE-2009-3943
https://notcve.org/view.php?id=CVE-2009-3943
Microsoft Internet Explorer 6 through 6.0.2900.2180 and 7 through 7.0.6000.16711 allows remote attackers to cause a denial of service (application hang) via a JavaScript loop that configures the home page by using the setHomePage method and a DHTML behavior property. Microsoft Internet Explorer v6 hasta v6.0.2900.2180 y v7 hasta v7.0.6000.16711 permite a atacantes remotos provocar una denegación de servicio (bloqueo de la aplicación) mediante un bucle JavaScript que configura la página de inicio usando el método "setHomePage" y una propiedad DHTML de comportamiento. • http://websecurity.com.ua/3658 http://www.securityfocus.com/archive/1/507731/100/0/threaded http://www.securityfocus.com/archive/1/507760/100/0/threaded •
CVSS: 9.3EPSS: 95%CPEs: 41EXPL: 2CVE-2009-1547 – Microsoft Internet Explorer 5.0.1 - 'deflate' HTTP Content Encoding Remote Code Execution
https://notcve.org/view.php?id=CVE-2009-1547
Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via a crafted data stream header that triggers memory corruption, aka "Data Stream Header Corruption Vulnerability." Vulnerabilidad inespecífica en Microsoft Internet Explorer v5.01 SP4, v6, v6 SP1, y v7 permite a atacantes remotos ejecutar código arbitrario a través de cabeceras de flujos de datos manipulados que inician una corrupción de memoria, también conocido como "Vulnerabilidad de corrupción de cabecera de flujo de datos". Microsoft Internet Explorer suffers from a Content-Encoding: deflate memory corruption vulnerability. • https://www.exploit-db.com/exploits/33270 https://www.exploit-db.com/exploits/9893 http://www.us-cert.gov/cas/techalerts/TA09-286A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-054 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6454 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 23%CPEs: 41EXPL: 0CVE-2009-2529
https://notcve.org/view.php?id=CVE-2009-2529
Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not properly handle argument validation for unspecified variables, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "HTML Component Handling Vulnerability." Microsoft Internet Explorer v5.01 SP4, v6, v6 SP1, v7, y v8 no gestiona adecuadamente la validación de argumentos para un número de variables sin especificar lo que permite a atacantes remotos ejecutar código arbitrario a través de un documentos HTML manipulado, también conocido como "Vulnerabilidad de gestión de componentes HTML". • http://www.us-cert.gov/cas/techalerts/TA09-286A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-054 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6419 • CWE-94: Improper Control of Generation of Code ('Code Injection') •