CVE-2009-0091
https://notcve.org/view.php?id=CVE-2009-0091
Microsoft .NET Framework 2.0, 2.0 SP1, and 3.5 does not properly enforce a certain type-equality constraint in .NET verifiable code, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Type Verification Vulnerability." Microsoft .NET Framework v2.0, v2.0 SP1, y v3.5 no cumple adecuadamente con la limitación de igualdad de tipos en un código .NET, lo que permite a atacantes remotos ejecutar código arbitrario a traves de (1) una aplicación XAML del navegador (XABP), (2) una aplicación ASP.NET manipulada o (3) una aplicación .NET Framework manipulada, también conocido como "Vulnerabilidad de verificación de tipos de .NET". • http://www.us-cert.gov/cas/techalerts/TA09-286A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-061 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6451 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2009-2503 – Microsoft Windows GDI+ TIFF Parsing Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2009-2503
GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 does not properly allocate an unspecified buffer, which allows remote attackers to execute arbitrary code via a crafted TIFF image file that triggers memory corruption, aka "GDI+ TIFF Memory Corruption Vulnerability." GDI+ en Microsoft Internet Explorer v6 SP1, Windows XP SP2 y SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 y SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold y SP3, Office Excel Viewer 2003 Gold y SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, y SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 y SP2, Expression Web, Expression Web v2, Groove 2007 Gold y SP1, Works v8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 y SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold y SP1, y Forefront Client Security v1.0 no localiza adecuadamente un búfer sin especificar, lo que permite a atacantes remotos ejecutar código arbitrario a través de un fichero de imagen TIFF que inicia una corrupción de memoria, también conocido como "Vulnerabilidad de corrupción de memoria GDI+ TIFF" This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required in that a user must open a malicious image file or browse to a malicious website. The specific flaws exist in the GDI+ subsystem when parsing maliciously crafted TIFF files. By supplying a malformed graphic control extension an attacker can trigger an exploitable memory corruption condition. Successful exploitation can result in arbitrary code execution under the credentials of the currently logged in user. • http://www.us-cert.gov/cas/techalerts/TA09-286A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6491 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2008-3842
https://notcve.org/view.php?id=CVE-2008-3842
Request Validation (aka the ValidateRequest filters) in ASP.NET in Microsoft .NET Framework without the MS07-040 update does not properly detect dangerous client input, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a query string containing a "</" (less-than slash) sequence. Validación de la petición (también conocido como los filtros ValidateRequest) en ASP.NET de Microsoft .NET Framework sin la actualización MS07-040 no detecta correctamente entradas de cliente peligrosas, lo cual permite a atacantes remotos llevar a cabo un ataque de secuencia de comandos en sitios cruzados (XSS), como lo demostrado por una cadena de consulta que contiene una secuencia "</" (menos-que barra invertida). • http://securityreason.com/securityalert/4193 http://www.procheckup.com/PDFs/bypassing-dot-NET-ValidateRequest.pdf http://www.securityfocus.com/archive/1/495667/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/44741 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2008-3843
https://notcve.org/view.php?id=CVE-2008-3843
Request Validation (aka the ValidateRequest filters) in ASP.NET in Microsoft .NET Framework with the MS07-040 update does not properly detect dangerous client input, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a query string containing a "<~/" (less-than tilde slash) sequence followed by a crafted STYLE element. Request Validation (tambien conocida como filtros ValidateRequest) en ASP.NET de Microsoft .NET Framework con la actualización MS07-040, no detecta de forma adecuada las entradas peligrosas de clientes, lo que permite a atacantes, conducir ataques de secuencias de comandos en sitios cruzados (XSS) como se demostró mediante una petición que contenía la cadena "<~/" (menor que, tilde y barra) seguida de un elemento STYLE manipulado. • http://securityreason.com/securityalert/4193 http://www.procheckup.com/PDFs/bypassing-dot-NET-ValidateRequest.pdf http://www.procheckup.com/Vulnerability_PR08-20.php http://www.securityfocus.com/archive/1/495667/100/0/threaded http://www.securityfocus.com/archive/1/496071/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/44743 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2007-0041
https://notcve.org/view.php?id=CVE-2007-0041
The PE Loader service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer" and unvalidated message lengths, probably a buffer overflow. El servicio PE Loader en Microsoft .NET Framework versiones 1.0, 1.1 y 2.0 para Windows 2000, XP, Server 2003 y Vista, permite a los atacantes remotos ejecutar código arbitrario por medio de vectores no especificados que involucran un "unchecked buffer" y longitudes de mensajes sin invalidar, probablemente un desbordamiento de búfer. • http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html http://osvdb.org/35954 http://secunia.com/advisories/26003 http://www.securityfocus.com/bid/24778 http://www.securitytracker.com/id?1018356 http://www.us-cert.gov/cas/techalerts/TA07-191A.html http://www.vupen.com/english/advisories/2007/2482 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-040 https://exchange.xforce.ibmcloud.com/vulnerabilities/34637 https://oval.cisecurity.org/repo • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •