CVSS: 9.3EPSS: 58%CPEs: 14EXPL: 4CVE-2009-0076 – Microsoft Internet Explorer Malformed CSS Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2009-0076
Microsoft Internet Explorer 7, when XHTML strict mode is used, allows remote attackers to execute arbitrary code via the zoom style directive in conjunction with unspecified other directives in a malformed Cascading Style Sheets (CSS) stylesheet in a crafted HTML document, aka "CSS Memory Corruption Vulnerability." Microsoft Internet Explorer 7, cuando usamos XHTML en modo estricto, permite a atacantes remotos ejecutar código de su elección a través de la directiva "zoom style" en conjunción con otras directivas no especificadas en una hoja de estilo en cascada (CSS)en un documento HTML manipulado, también conocido como "Vulnerabilidad de Corrupción de Memoria CSS". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists when processing, in XHTML strict mode, a CSS stylesheet containing a specific combination of style directives one of which must be a 'zoom'. The fault in processing results in a memory corruption vulnerability which can be leveraged to execute arbitrary code under the context of the current user. • https://www.exploit-db.com/exploits/8082 https://www.exploit-db.com/exploits/8079 https://www.exploit-db.com/exploits/8080 https://www.exploit-db.com/exploits/8152 http://www.us-cert.gov/cas/techalerts/TA09-041A.html http://www.vupen.com/english/advisories/2009/0389 http://www.zerodayinitiative.com/advisories/ZDI-09-012 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-002 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ov • CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 5%CPEs: 1EXPL: 1CVE-2009-0369 – Microsoft Internet Explorer 7 - Clickjacking
https://notcve.org/view.php?id=CVE-2009-0369
Microsoft Internet Explorer 7 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Clickjacking" vulnerability. Microsoft Internet Explorer 7 permite a los atacantes remotos engañar a los usuarios que visitan arbitrariamente una URL a través de una acción onclick que mueva un elemento manipulado a la posición actual del ratón, en relación a una vulnerabilidad "Clickjacking". • https://www.exploit-db.com/exploits/7912 https://exchange.xforce.ibmcloud.com/vulnerabilities/48542 •
CVSS: 9.3EPSS: 21%CPEs: 2EXPL: 1CVE-2009-0341 – Microsoft Internet Explorer 7 - HTML Form Value Denial of Service
https://notcve.org/view.php?id=CVE-2009-0341
The shell32 module in Microsoft Internet Explorer 7.0 on Windows XP SP3 might allow remote attackers to execute arbitrary code via a long VALUE attribute in an INPUT element, possibly related to a stack consumption vulnerability. El módulo shell32 en Microsoft Internet Explorer v7.0 en Windows XP SP3 permitiría a atacantes remotos ejecutar código a su elección a través de un atributo largo VALUE en un elemento INPUT, relacionado posiblemente con la vulnerabilidad de vaciado de pila. • https://www.exploit-db.com/exploits/32763 http://www.securityfocus.com/archive/1/500472/100/0/threaded http://www.securityfocus.com/bid/33494 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 1%CPEs: 6EXPL: 1CVE-2009-0072 – Microsoft Internet Explorer Javascript Denial Of Service
https://notcve.org/view.php?id=CVE-2009-0072
Microsoft Internet Explorer 6.0 through 8.0 beta2 allows remote attackers to cause a denial of service (application crash) via an onload=screen[""] attribute value in a BODY element. Microsoft Internet Explorer 6.0 hasta 8.0 beta2 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través del valor del atributo onload=screen[""] en un elemento "BODY". • http://skypher.com/index.php/2009/01/07/msie-screen-null-ptr-dos-details http://www.securityfocus.com/bid/33149 https://exchange.xforce.ibmcloud.com/vulnerabilities/47788 •
CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0CVE-2008-5527
https://notcve.org/view.php?id=CVE-2008-5527
ESET Smart Security, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. ESET Smart Security, cuando se utiliza Internet Explorer 6 o 7, permite a atacantes remotos eludir la detección de malware en un documento HTML colocando una cabecera MZ (alias "EXE info") al principio, y modificar el nombre del archivo a (1 ) sin extensión, (2) una extensión. txt, o (3) una extensión .jpg, como lo demuestra un documento que contiene un exploit CVE-2006-5745. • http://securityreason.com/securityalert/4723 http://www.securityfocus.com/archive/1/498995/100/0/threaded http://www.securityfocus.com/archive/1/499043/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/47435 • CWE-20: Improper Input Validation •