CVSS: 9.3EPSS: 66%CPEs: 61EXPL: 0CVE-2009-3126
https://notcve.org/view.php?id=CVE-2009-3126
14 Oct 2009 — Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, ... • http://www.us-cert.gov/cas/techalerts/TA09-286A.html • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 51%CPEs: 41EXPL: 2CVE-2009-1547 – Microsoft Internet Explorer 5.0.1 - 'deflate' HTTP Content Encoding Remote Code Execution
https://notcve.org/view.php?id=CVE-2009-1547
14 Oct 2009 — Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via a crafted data stream header that triggers memory corruption, aka "Data Stream Header Corruption Vulnerability." Vulnerabilidad inespecífica en Microsoft Internet Explorer v5.01 SP4, v6, v6 SP1, y v7 permite a atacantes remotos ejecutar código arbitrario a través de cabeceras de flujos de datos manipulados que inician una corrupción de memoria, también conocido como "Vulne... • https://www.exploit-db.com/exploits/33270 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 54%CPEs: 39EXPL: 0CVE-2009-2497
https://notcve.org/view.php?id=CVE-2009-2497
14 Oct 2009 — The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0, 2.0 SP1, 2.0 SP2, 3.5, and 3.5 SP1, and Silverlight 2, does not properly handle interfaces, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted Silverlight application, (3) a crafted ASP.NET application, or (4) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Vulnerability." La Rutina de Lenguaje Comun (CLR) en Microsoft .NET... • http://www.us-cert.gov/cas/techalerts/TA09-286A.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 70%CPEs: 61EXPL: 0CVE-2009-2500
https://notcve.org/view.php?id=CVE-2009-2500
14 Oct 2009 — Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, ... • http://www.us-cert.gov/cas/techalerts/TA09-286A.html • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 61%CPEs: 61EXPL: 0CVE-2009-2501
https://notcve.org/view.php?id=CVE-2009-2501
14 Oct 2009 — Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold... • http://www.us-cert.gov/cas/techalerts/TA09-286A.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 49%CPEs: 61EXPL: 0CVE-2009-2502
https://notcve.org/view.php?id=CVE-2009-2502
14 Oct 2009 — Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, W... • http://www.us-cert.gov/cas/techalerts/TA09-286A.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.3EPSS: 58%CPEs: 61EXPL: 0CVE-2009-2504
https://notcve.org/view.php?id=CVE-2009-2504
14 Oct 2009 — Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack... • http://www.us-cert.gov/cas/techalerts/TA09-286A.html • CWE-189: Numeric Errors •
CVSS: 6.8EPSS: 17%CPEs: 20EXPL: 0CVE-2009-2510
https://notcve.org/view.php?id=CVE-2009-2510
14 Oct 2009 — The CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, as used by Internet Explorer and other applications, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authorit... • http://www.networkworld.com/news/2009/073009-more-holes-found-in-webs.html • CWE-310: Cryptographic Issues •
CVSS: 8.1EPSS: 7%CPEs: 17EXPL: 1CVE-2009-2511 – Microsoft Internet Explorer 8 - X.509 Certificate Common Name Encoding Multiple Security Bypass Vulnerabilities
https://notcve.org/view.php?id=CVE-2009-2511
14 Oct 2009 — Integer overflow in the CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows man-in-the-middle attackers to spoof arbitrary SSL servers and other entities via an X.509 certificate that has a malformed ASN.1 Object Identifier (OID) and was issued by a legitimate Certification Authority, aka "Integer Overflow in X.509 Object Identifiers Vulnerability." Desbordamiento de ... • https://www.exploit-db.com/exploits/33264 • CWE-189: Numeric Errors •
CVSS: 7.8EPSS: 1%CPEs: 18EXPL: 0CVE-2009-2515
https://notcve.org/view.php?id=CVE-2009-2515
14 Oct 2009 — Integer underflow in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application that triggers an incorrect truncation of a 64-bit integer to a 32-bit integer, aka "Windows Kernel Integer Underflow Vulnerability." Desbordamiento de entero en el kernel en Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP2, Vista Gold, SP1, y SP2, y Server 2008 Gold y SP2 permite a usuar... • http://www.us-cert.gov/cas/techalerts/TA09-286A.html • CWE-189: Numeric Errors •