CVE-2009-3270 – Multiple Browsers - 'window.print()' Denial of Service
https://notcve.org/view.php?id=CVE-2009-3270
Microsoft Internet Explorer 7 through 7.0.6000.16711 allows remote attackers to cause a denial of service (unusable browser) by calling the window.print function in a loop, aka a "printing DoS attack," possibly a related issue to CVE-2009-0821. Microsoft Internet Explorer 7 desde 7.0.6000.16711 permite a atacantes remotos producir una denegación de servicio (navegador inutilizable) mediante una llamada en bucle a la función window.print, también conocido como "ataque DoS de impresión", posiblemente relacionado con CVE-2009-0821. • https://www.exploit-db.com/exploits/12509 http://websecurity.com.ua/2872 http://www.securityfocus.com/archive/1/506328/100/100/threaded http://www.securityfocus.com/bid/79354 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6281 • CWE-400: Uncontrolled Resource Consumption •
CVE-2009-3267
https://notcve.org/view.php?id=CVE-2009-3267
Microsoft Internet Explorer 6 through 6.0.2900.2180, and 7.0.6000.16711, allows remote attackers to cause a denial of service (CPU consumption) via an automatically submitted form containing a KEYGEN element, a related issue to CVE-2009-1828. Microsoft Internet Explorer v6 desde v6.0.2900.2180, y v7.0.6000.16711, permite a atacantes remotos producir una denegación de servicio (consumo de CPU) a través de un envío automático de un formulario que contenga un elemento generador de claves, una vulnerabilidad relacionada con CVE-2009-1828. • http://websecurity.com.ua/3194 http://www.securityfocus.com/archive/1/506328/100/100/threaded https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5519 • CWE-400: Uncontrolled Resource Consumption •
CVE-2009-3003
https://notcve.org/view.php?id=CVE-2009-3003
Microsoft Internet Explorer 6 through 8 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page. Microsoft Internet Explorer v6 a v8 permiten falsificar la barra de direcciones a atacantes remotos, a través de window.open con una URI relativa, que muestre una dirección URL arbitraria de un sitio web visitado por la víctima, como lo demuestra la visita a una web controlada por el atacante, que lanza un formulario de acceso falso para el sitio que contiene esa página. • http://lostmon.blogspot.com/2009/08/multiple-browsers-fake-url-folder-file.html http://secunia.com/advisories/36334 https://exchange.xforce.ibmcloud.com/vulnerabilities/53005 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12817 •
CVE-2009-2655 – Microsoft Internet Explorer 7/8 - findText Unicode Parsing Crash
https://notcve.org/view.php?id=CVE-2009-2655
mshtml.dll in Microsoft Internet Explorer 7 and 8 on Windows XP SP3 allows remote attackers to cause a denial of service (application crash) by calling the JavaScript findText method with a crafted Unicode string in the first argument, and only one additional argument, as demonstrated by a second argument of -1. mshtml.dll en Microsoft Internet Explorer v7 y v8 en Windows XP SP3 permite a atacantes remotos provocar una denegación de servicio (finalización de la aplicación) al llamar el método "findText" de código JavaScript con una cadena Unicode modificada en el primer argumento, y sólo un argumento adicional, como se ha comprobado con un segundo argumento con valor -1. • https://www.exploit-db.com/exploits/9253 http://www.exploit-db.com/exploits/9253 http://www.securityfocus.com/bid/35799 https://exchange.xforce.ibmcloud.com/vulnerabilities/52249 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12700 • CWE-20: Improper Input Validation •
CVE-2009-1918 – Microsoft Internet Explorer getElementsByTagName Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2009-1918
Microsoft Internet Explorer 5.01 SP4 and 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle table operations, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption by adding malformed elements to an empty DIV element, related to the getElementsByTagName method, aka "HTML Objects Memory Corruption Vulnerability." Microsoft Internet Explorer v5.01 SP4 y v6 SP1; Internet Explorer 6 para Windows XP SP2 y SP3 y Server 2003 SP2; e Internet Explorer 7 y 8 for Windows XP SP2 y SP3, Server 2003 SP2, Vista Gold, SP1, y SP2, y Server 2008 Gold y SP2, no maneja adecuadamente las operaciones con tablas, lo que permite a atacantes remotos la ejecución de código de su elección a través de un documento HTML manipulado que provoca una corrupción de memoria. También conocida como "Vulnerabilidad de corrupción de Memoria en objetos HTML". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the appending of elements to an invalid object. • http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=953693 http://www.securityfocus.com/archive/1/505523/100/0/threaded http://www.securityfocus.com/bid/35826 http://www.securitytracker.com/id?1022611 http://www.us-cert.gov/cas/techalerts/TA09-195A.html http://www.vupen.com/english/advisories/2009/2033 http://www.zerodayinitiative.com/advisories/ZDI-09-047 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-034 https://oval.cisecurity.org/repositor • CWE-94: Improper Control of Generation of Code ('Code Injection') •