CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2009-2668
https://notcve.org/view.php?id=CVE-2009-2668
Microsoft Internet Explorer 6 through 6.0.2900.2180 and 7 through 7.0.6000.16473 allows remote attackers to cause a denial of service (CPU consumption) via an XML document composed of a long series of start-tags with no corresponding end-tags, a related issue to CVE-2009-1232. Microsoft Internet Explorer v6 hasta v6.0.2900.2180 y v7 hasta v7.0.6000.16473, permite a atacantes remotos causar una denegación de servicio (consumo CPU) a través de un documento XML compuesto de una serie larga de start-targs que no corresponden con end-tags, relacionado con el asunto CVE-2009-1232. • http://archives.neohapsis.com/archives/bugtraq/2009-07/0193.html http://websecurity.com.ua/3216 • CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2008-6893
https://notcve.org/view.php?id=CVE-2008-6893
Cross-site scripting (XSS) vulnerability in Alt-N MDaemon WorldClient 10.0.2, when Internet Explorer 7 is used, allows remote attackers to inject arbitrary web script or HTML via a crafted img tag. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Alt-N MDaemon WorldClient v10.0.2, al utilizar Internet Explorer 7, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante una etiqueta "img" modificada. • http://files.altn.com/MDaemon/Release/RelNotes_en.txt http://osvdb.org/50648 http://secunia.com/advisories/32885 http://www.securityfocus.com/bid/32776 https://exchange.xforce.ibmcloud.com/vulnerabilities/47209 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 2%CPEs: 3EXPL: 2CVE-2009-2655 – Microsoft Internet Explorer 7/8 - findText Unicode Parsing Crash
https://notcve.org/view.php?id=CVE-2009-2655
mshtml.dll in Microsoft Internet Explorer 7 and 8 on Windows XP SP3 allows remote attackers to cause a denial of service (application crash) by calling the JavaScript findText method with a crafted Unicode string in the first argument, and only one additional argument, as demonstrated by a second argument of -1. mshtml.dll en Microsoft Internet Explorer v7 y v8 en Windows XP SP3 permite a atacantes remotos provocar una denegación de servicio (finalización de la aplicación) al llamar el método "findText" de código JavaScript con una cadena Unicode modificada en el primer argumento, y sólo un argumento adicional, como se ha comprobado con un segundo argumento con valor -1. • https://www.exploit-db.com/exploits/9253 http://www.exploit-db.com/exploits/9253 http://www.securityfocus.com/bid/35799 https://exchange.xforce.ibmcloud.com/vulnerabilities/52249 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12700 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 95%CPEs: 31EXPL: 0CVE-2009-1918 – Microsoft Internet Explorer getElementsByTagName Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2009-1918
Microsoft Internet Explorer 5.01 SP4 and 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle table operations, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption by adding malformed elements to an empty DIV element, related to the getElementsByTagName method, aka "HTML Objects Memory Corruption Vulnerability." Microsoft Internet Explorer v5.01 SP4 y v6 SP1; Internet Explorer 6 para Windows XP SP2 y SP3 y Server 2003 SP2; e Internet Explorer 7 y 8 for Windows XP SP2 y SP3, Server 2003 SP2, Vista Gold, SP1, y SP2, y Server 2008 Gold y SP2, no maneja adecuadamente las operaciones con tablas, lo que permite a atacantes remotos la ejecución de código de su elección a través de un documento HTML manipulado que provoca una corrupción de memoria. También conocida como "Vulnerabilidad de corrupción de Memoria en objetos HTML". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the appending of elements to an invalid object. • http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=953693 http://www.securityfocus.com/archive/1/505523/100/0/threaded http://www.securityfocus.com/bid/35826 http://www.securitytracker.com/id?1022611 http://www.us-cert.gov/cas/techalerts/TA09-195A.html http://www.vupen.com/english/advisories/2009/2033 http://www.zerodayinitiative.com/advisories/ZDI-09-047 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-034 https://oval.cisecurity.org/repositor • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 79%CPEs: 31EXPL: 0CVE-2009-1917
https://notcve.org/view.php?id=CVE-2009-1917
Microsoft Internet Explorer 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle attempts to access deleted objects in memory, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Memory Corruption Vulnerability." Microsoft Internet Explorer v6 SP1; Internet Explorer 6 para Windows XP SP2 y SP3 y Server 2003 SP2; e Internet Explorer 7 y 8 for Windows XP SP2 y SP3, Server 2003 SP2, Vista Gold, SP1, y SP2, y Server 2008 Gold y SP2, no maneja adecuadamente los intentos de acceso a objetos eliminados de la memoria, lo que permite a atacantes remotos la ejecución de código de su elección a través de un documento HTML manipulado que provoca una corrupción de memoria. También conocida como "Vulnerabilidad de corrupción de Memoria en objetos HTML". • http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=953693 http://www.securityfocus.com/bid/35831 http://www.securitytracker.com/id?1022611 http://www.us-cert.gov/cas/techalerts/TA09-195A.html http://www.vupen.com/english/advisories/2009/2033 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-034 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6072 • CWE-399: Resource Management Errors •