
CVE-2009-4309 – Microsoft Windows Intel Indeo Codec Parsing Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2009-4309
08 Dec 2009 — Heap-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a large size value in a movi record in an IV41 stream in a media file, as demonstrated by an AVI file. • http://secunia.com/advisories/37592 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2009-4310 – Microsoft Windows Intel Indeo Codec Parsing Stack Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2009-4310
08 Dec 2009 — Stack-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted compressed video data in an IV41 stream in a media file, leading to many loop iterations, as demonstrated by data in an AVI file. • http://secunia.com/advisories/37592 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2009-3671 – Microsoft Internet Explorer XHTML DOM Manipulation Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2009-3671
08 Dec 2009 — Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3674. • http://www.securitytracker.com/id?1023293 • CWE-399: Resource Management Errors • CWE-416: Use After Free

CVE-2009-3673 – Microsoft Internet Explorer CSS Race Condition Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2009-3673
08 Dec 2009 — Microsoft Internet Explorer 7 and 8 do not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." • http://www.securitytracker.com/id?1023293 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2009-3674 – Microsoft Internet Explorer IFrame Attributes Circular Reference Dangling Pointer Vulnerability
https://notcve.org/view.php?id=CVE-2009-3674
08 Dec 2009 — Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671. • http://www.securitytracker.com/id?1023293 • CWE-399: Resource Management Errors

CVE-2009-3672 – Microsoft Internet Explorer - Style getElementsByTagName Memory Corruption (MS09-072)
https://notcve.org/view.php?id=CVE-2009-3672
02 Dec 2009 — Microsoft Internet Explorer 6 and 7 do not properly handle objects in memory that (1) were not properly initialized or (2) are deleted, which allows remote attackers to execute arbitrary code via vectors involving a call to the getElementsByTagName method for the STYLE tag name, selection of the single element in the returned list, and a change to the outerHTML property of this element, related to Cascading Style Sheets (CSS) and mshtml.dll, aka "HTML Object Memory Corruption Vulnerability." NOTE: some of... • https://www.exploit-db.com/exploits/16547 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2009-1127
https://notcve.org/view.php?id=CVE-2009-1127
11 Nov 2009 — win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not correctly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, aka "Win32k NULL Pointer Dereferencing Vulnerability." • http://www.us-cert.gov/cas/techalerts/TA09-314A.html • CWE-20: Improper Input Validation

CVE-2009-1928
https://notcve.org/view.php?id=CVE-2009-1928
11 Nov 2009 — Stack consumption vulnerability in the LDAP service in Active Directory on Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2; Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2; and Active Directory Lightweight Directory Service (AD LDS) on Windows Server 2008 Gold and SP2 allows remote attackers to cause a denial of service (system hang) via a malformed (1) LDAP or (2) LDAPS request, aka "LSASS Recursive Stack Overflow Vulnerability." • http://www.us-cert.gov/cas/techalerts/TA09-314A.html • CWE-399: Resource Management Errors

CVE-2009-2513
https://notcve.org/view.php?id=CVE-2009-2513
11 Nov 2009 — The Graphics Device Interface (GDI) in win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Insufficient Data Validation Vulnerability." • http://www.us-cert.gov/cas/techalerts/TA09-314A.html • CWE-20: Improper Input Validation

CVE-2009-2514 – Microsoft Windows Server 2000 < 2008 - Embedded OpenType Font Engine Remote Code Execution (MS09-065)
https://notcve.org/view.php?id=CVE-2009-2514
11 Nov 2009 — win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not correctly parse font code during construction of a directory-entry table, which allows remote attackers to execute arbitrary code via a crafted Embedded OpenType (EOT) font, aka "Win32k EOT Parsing Vulnerability." • https://www.exploit-db.com/exploits/10068 • CWE-94: Improper Control of Generation of Code ('Code Injection')