CVSS: 9.3EPSS: 96%CPEs: 28EXPL: 1CVE-2009-0553 – Microsoft Internet Explorer - EMBED Memory Corruption (PoC) (MS09-014)
https://notcve.org/view.php?id=CVE-2009-0553
Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability." Microsoft Internet Explorer 6 SP1, 6 y 7 en Windows XP SP2 y SP3, 6 y 7 en Windows Server 2003 SP1 y SP2, 7 en Windows Vista Gold y SP1, y 7 en Windows Server 2008 permite a atacantes remotos ejecutar código de su elección a través de una página web que dispara la presencia de un objeto en memoria que (1) no fue inicializado adecuadamente o (2) borrado, también conocido como "Vulnerabilidad de corrupción de memoria no inicializada". • https://www.exploit-db.com/exploits/8479 http://osvdb.org/53626 http://secunia.com/advisories/34678 http://skypher.com/index.php/2009/04/19/ms09-014-embed-element-memory-corruption http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm http://www.securityfocus.com/bid/34424 http://www.securitytracker.com/id?1022042 http://www.us-cert.gov/cas/techalerts/TA09-104A.html http://www.vupen.com/english/advisories/2009/1028 https://docs.microsoft.com/en-us/security- • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 65%CPEs: 29EXPL: 0CVE-2009-0554
https://notcve.org/view.php?id=CVE-2009-0554
Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability." Microsoft Internet Explorer v5.01 SP4, v6 SP1, v6 y v7 en Windows XP SP2 y SP3, v6 y v7 en Windows Server 2003 SP1 y SP2, v7 en Windows Vista Gold y SP1, y v7 en Windows Server 2008 permite a atacantes remotos ejecutar código de su elección a través de una página web que lanza la presencia de un objeto en memoria que (1) no había sido iniciado adecuadamente o (2) eliminado, también conocido como "Vulnerabilidad de Corrupción de Memoria no Iniciada". • http://secunia.com/advisories/34678 http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm http://www.securitytracker.com/id?1022042 http://www.us-cert.gov/cas/techalerts/TA09-104A.html http://www.vupen.com/english/advisories/2009/1028 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-014 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5723 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 97%CPEs: 13EXPL: 6CVE-2009-0075 – Microsoft Internet Explorer CFunctionPointer Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2009-0075
Microsoft Internet Explorer 7 does not properly handle errors during attempted access to deleted objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to CFunctionPointer and the appending of document objects, aka "Uninitialized Memory Corruption Vulnerability." Microsoft Internet Explorer 7 no maneja adecuadamente los errores durante un intento de acceso a los objetos eliminados, esto permite a atacantes remotos ejecutar código de su elección a través de un documento HTML manipulado; está relacionado con CFunctionPointer y la inclusión de objetos de documentos. También se conoce como "Vulnerabilidad de Corrupción de Memoria no Iniciada" This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the handling of document objects. When an object is appended and deleted in a specific order memory corruption occurs. • https://www.exploit-db.com/exploits/8077 https://www.exploit-db.com/exploits/8082 https://www.exploit-db.com/exploits/8079 https://www.exploit-db.com/exploits/16555 https://www.exploit-db.com/exploits/8080 https://www.exploit-db.com/exploits/8152 http://osvdb.org/51839 http://www.securityfocus.com/bid/33627 http://www.us-cert.gov/cas/techalerts/TA09-041A.html http://www.vupen.com/english/advisories/2009/0389 http://www.zerodayinitiative.com/advisories/ZDI-09 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 58%CPEs: 14EXPL: 4CVE-2009-0076 – Microsoft Internet Explorer Malformed CSS Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2009-0076
Microsoft Internet Explorer 7, when XHTML strict mode is used, allows remote attackers to execute arbitrary code via the zoom style directive in conjunction with unspecified other directives in a malformed Cascading Style Sheets (CSS) stylesheet in a crafted HTML document, aka "CSS Memory Corruption Vulnerability." Microsoft Internet Explorer 7, cuando usamos XHTML en modo estricto, permite a atacantes remotos ejecutar código de su elección a través de la directiva "zoom style" en conjunción con otras directivas no especificadas en una hoja de estilo en cascada (CSS)en un documento HTML manipulado, también conocido como "Vulnerabilidad de Corrupción de Memoria CSS". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists when processing, in XHTML strict mode, a CSS stylesheet containing a specific combination of style directives one of which must be a 'zoom'. The fault in processing results in a memory corruption vulnerability which can be leveraged to execute arbitrary code under the context of the current user. • https://www.exploit-db.com/exploits/8082 https://www.exploit-db.com/exploits/8079 https://www.exploit-db.com/exploits/8080 https://www.exploit-db.com/exploits/8152 http://www.us-cert.gov/cas/techalerts/TA09-041A.html http://www.vupen.com/english/advisories/2009/0389 http://www.zerodayinitiative.com/advisories/ZDI-09-012 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-002 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ov • CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 5%CPEs: 1EXPL: 1CVE-2009-0369 – Microsoft Internet Explorer 7 - Clickjacking
https://notcve.org/view.php?id=CVE-2009-0369
Microsoft Internet Explorer 7 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Clickjacking" vulnerability. Microsoft Internet Explorer 7 permite a los atacantes remotos engañar a los usuarios que visitan arbitrariamente una URL a través de una acción onclick que mueva un elemento manipulado a la posición actual del ratón, en relación a una vulnerabilidad "Clickjacking". • https://www.exploit-db.com/exploits/7912 https://exchange.xforce.ibmcloud.com/vulnerabilities/48542 •