CVE-2009-2057
https://notcve.org/view.php?id=CVE-2009-2057
Microsoft Internet Explorer before 8 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack. Microsoft Internet Explorer anteriores a v8 utiliza una cabecera HTTP Host para determinar el contexto de un documento proporcionado por una respuesta de CONEXIÓN (1) 4xx o (2) 5xx desde un servidor proxy, lo que permite a los atacantes "hombre en el medio" ejecutar arbitrariamente una secuencia de comandos web modificando la respuesta CONEXIÓN, también conocida como un ataque "forzado SSL". • http://research.microsoft.com/apps/pubs/default.aspx?id=79323 http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf • CWE-287: Improper Authentication •
CVE-2009-2069
https://notcve.org/view.php?id=CVE-2009-2069
Microsoft Internet Explorer before 8 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request. Microsoft Internet Explorer anterior a 8 muestra un certificado cacheado para una página de respuesta CONEXIÓN (1) 4xx o (2) 5xx por un servidor proxy, lo que permite a los atacantes "hombre en el medio" suplantar una página https permitiendo al navegador obtener un certificado válido desde esta página, durante una petición, y enviando al navegador una página de repuesta 502 manipulada sobre la subsiguiente petición. • http://research.microsoft.com/apps/pubs/default.aspx?id=79323 http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf http://www.securityfocus.com/bid/35411 • CWE-287: Improper Authentication •
CVE-2009-1140 – Microsoft Internet Explorer 5.0.1 - Cached Content Cross Domain Information Disclosure
https://notcve.org/view.php?id=CVE-2009-1140
Microsoft Internet Explorer 5.01 SP4; 6 SP1; 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not prevent HTML rendering of cached content, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Cross-Domain Information Disclosure Vulnerability." Microsoft Internet Explorer 5.01 SP4; 6 SP1; 6 y 7 en Windows XP SP2 y SP3; 6 y 7 en Server 2003 SP2; 7 en Vista Gold, SP1 y SP2; y 7 en Server 2008 SP2; no impide la renderización HTML de los contenidos cacheados, esto permite a atacantes remotos evitar la política de mismo origen -Same Origin Policy- mediante vectores no especificados. También se conoce como "Vulnerabilidad de Revelación de Información en Dominios Cruzados" • https://www.exploit-db.com/exploits/33024 http://www.securitytracker.com/id?1022350 http://www.us-cert.gov/cas/techalerts/TA09-160A.html http://www.vupen.com/english/advisories/2009/1538 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-019 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6278 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2009-1529 – Microsoft Internet Explorer setCapture Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2009-1529
Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by calling the setCapture method on a collection of crafted objects, aka "Uninitialized Memory Corruption Vulnerability." Microsoft Internet Explorer 7 para Windows XP SP2 y SP3; 7 para Server 2003 SP2; 7 para Vista Gold, SP1 y SP2; y 7 para Server 2008 SP2, no maneja apropiadamente los objetos en la memoria, lo que permite a los atacantes remotos ejecutar código arbitrario llamando al método setCapture en una colección de objetos creados, también se conoce como "Uninitialized Memory Corruption Vulnerability". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific vulnerability exists when calling the setCapture method on a range of objects. When setCapture is called on a collection of specially crafted objects memory becomes corrupted. • http://osvdb.org/54948 http://www.securityfocus.com/archive/1/504205/100/0/threaded http://www.securityfocus.com/bid/35223 http://www.securitytracker.com/id?1022350 http://www.us-cert.gov/cas/techalerts/TA09-160A.html http://www.vupen.com/english/advisories/2009/1538 http://www.zerodayinitiative.com/advisories/ZDI-09-036 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-019 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval • CWE-399: Resource Management Errors CWE-908: Use of Uninitialized Resource •
CVE-2009-1530 – Microsoft Internet Explorer Event Handler Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2009-1530
Use-after-free vulnerability in Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code by repeatedly adding HTML document nodes and calling event handlers, which triggers an access of an object that (1) was not properly initialized or (2) is deleted, aka "HTML Objects Memory Corruption Vulnerability." Vulnerabilidad de Uso de la Memoria Previamente Liberada en Microsoft Internet Explorer 7 para Windows XP SP2 y SP3; 7 para Server 2003 SP2; 7 para Vista Gold, SP1 y SP2; y 7 para Server 2008 SP2 permite a los atacantes remotos ejecutar código arbitrario mediante la adición repetida de nodos de documentos HTML y el llamado a los Controladores de Eventos, lo que desencadena un acceso de un objeto que (1) no se inicializó apropiadamente o (2) se elimina, también se conoce como "HTML Objects Memory Corruption Vulnerability". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists when repeatedly calling event handlers after adding nodes of an HTML document. When a specially crafted webpage is repeatedly rendered, memory is improperly reused after it has been freed. • http://osvdb.org/54949 http://www.securityfocus.com/archive/1/504209/100/0/threaded http://www.securitytracker.com/id?1022350 http://www.us-cert.gov/cas/techalerts/TA09-160A.html http://www.vupen.com/english/advisories/2009/1538 http://www.zerodayinitiative.com/advisories/ZDI-09-038 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-019 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6294 • CWE-399: Resource Management Errors •