CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 1CVE-2009-3943
https://notcve.org/view.php?id=CVE-2009-3943
Microsoft Internet Explorer 6 through 6.0.2900.2180 and 7 through 7.0.6000.16711 allows remote attackers to cause a denial of service (application hang) via a JavaScript loop that configures the home page by using the setHomePage method and a DHTML behavior property. Microsoft Internet Explorer v6 hasta v6.0.2900.2180 y v7 hasta v7.0.6000.16711 permite a atacantes remotos provocar una denegación de servicio (bloqueo de la aplicación) mediante un bucle JavaScript que configura la página de inicio usando el método "setHomePage" y una propiedad DHTML de comportamiento. • http://websecurity.com.ua/3658 http://www.securityfocus.com/archive/1/507731/100/0/threaded http://www.securityfocus.com/archive/1/507760/100/0/threaded •
CVSS: 9.3EPSS: 95%CPEs: 41EXPL: 2CVE-2009-1547 – Microsoft Internet Explorer 5.0.1 - 'deflate' HTTP Content Encoding Remote Code Execution
https://notcve.org/view.php?id=CVE-2009-1547
Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via a crafted data stream header that triggers memory corruption, aka "Data Stream Header Corruption Vulnerability." Vulnerabilidad inespecífica en Microsoft Internet Explorer v5.01 SP4, v6, v6 SP1, y v7 permite a atacantes remotos ejecutar código arbitrario a través de cabeceras de flujos de datos manipulados que inician una corrupción de memoria, también conocido como "Vulnerabilidad de corrupción de cabecera de flujo de datos". Microsoft Internet Explorer suffers from a Content-Encoding: deflate memory corruption vulnerability. • https://www.exploit-db.com/exploits/33270 https://www.exploit-db.com/exploits/9893 http://www.us-cert.gov/cas/techalerts/TA09-286A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-054 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6454 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 23%CPEs: 41EXPL: 0CVE-2009-2529
https://notcve.org/view.php?id=CVE-2009-2529
Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not properly handle argument validation for unspecified variables, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "HTML Component Handling Vulnerability." Microsoft Internet Explorer v5.01 SP4, v6, v6 SP1, v7, y v8 no gestiona adecuadamente la validación de argumentos para un número de variables sin especificar lo que permite a atacantes remotos ejecutar código arbitrario a través de un documentos HTML manipulado, también conocido como "Vulnerabilidad de gestión de componentes HTML". • http://www.us-cert.gov/cas/techalerts/TA09-286A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-054 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6419 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 89%CPEs: 41EXPL: 0CVE-2009-2530 – Microsoft Internet Explorer Event Object Type Double-Free Vulnerability
https://notcve.org/view.php?id=CVE-2009-2530
Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-2531. Microsoft Internet Explorer v6, v6 SP1, v7, y v8 no gestiona adecuadamente los objetos en memoria, lo que permite a atacantes remotos ejecutar código arbitrario mediante el acceso a un objeto que (1) no ha sido adecuadamente inicializado o (2) es borrado, lo que lleva a una corrupción de memoria, también conocido como "Vulnerabilidad de memoria no inicializada corrupta", una vulnerabilidad diferente que CVE-2008-2531. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the copy constructor for a specific DOM object. When duplicated, more than one reference can be made of anything assigned to it's properties. • http://www.us-cert.gov/cas/techalerts/TA09-286A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-054 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6190 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 89%CPEs: 41EXPL: 0CVE-2009-2531 – Microsoft Internet Explorer writing-mode Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2009-2531
Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-2530. Microsoft Internet Explorer v6, v6 SP1, v7, y v8, no maneja adecuadamente objetos en memoria lo que permite a atacantes remotos ejecutar codigo arbitrario mediante el acceso a un objeto que (1) no ha sido adecuadamente inicializado, o (2) es borrado, produciendo un corrupcion de memoria, también conocido como "Vulnerabilidad de corrupción de memoria no inicializada", una vulnerabilidad diferente que CVE-2009-2530. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required in that a user must visit a malicious web page. The specific flaw exists in the parsing of CSS style information. When a writing-mode style is used with a specific combination of HTML tags, memory corruption occurs. • http://www.us-cert.gov/cas/techalerts/TA09-286A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-054 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5766 • CWE-94: Improper Control of Generation of Code ('Code Injection') •