CVSS: 9.3EPSS: 72%CPEs: 29EXPL: 0CVE-2009-0554
https://notcve.org/view.php?id=CVE-2009-0554
Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability." Microsoft Internet Explorer v5.01 SP4, v6 SP1, v6 y v7 en Windows XP SP2 y SP3, v6 y v7 en Windows Server 2003 SP1 y SP2, v7 en Windows Vista Gold y SP1, y v7 en Windows Server 2008 permite a atacantes remotos ejecutar código de su elección a través de una página web que lanza la presencia de un objeto en memoria que (1) no había sido iniciado adecuadamente o (2) eliminado, también conocido como "Vulnerabilidad de Corrupción de Memoria no Iniciada". • http://secunia.com/advisories/34678 http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm http://www.securitytracker.com/id?1022042 http://www.us-cert.gov/cas/techalerts/TA09-104A.html http://www.vupen.com/english/advisories/2009/1028 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-014 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5723 • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 22%CPEs: 2EXPL: 0CVE-2009-1043
https://notcve.org/view.php?id=CVE-2009-1043
Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009. Una vulnerabilidad en Microsoft Internet Explorer 8 sobre Windows 7 permite a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos simplemente haciendo clic en un enlace, como se demostró Nils durante una competición PWN2OWN en CanSecWest 2009. • http://blogs.zdnet.com/security/?p=2934 http://cansecwest.com/index.html http://dvlabs.tippingpoint.com/blog/2009/02/25/pwn2own-2009 http://dvlabs.tippingpoint.com/blog/2009/03/18/pwn2own-2009-day-1---safari-internet-explorer-and-firefox-taken-down-by-four-zero-day-exploits http://dvlabs.tippingpoint.com/blog/2009/03/20/pwn2own-day-2 http://news.cnet.com/8301-1009_3-10199652-83.html http://osvdb.org/52892 http://www.h-online.com/security/Pwn2Own-2009-Safari-IE&# •
CVSS: 9.3EPSS: 97%CPEs: 13EXPL: 6CVE-2009-0075 – Microsoft Internet Explorer CFunctionPointer Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2009-0075
Microsoft Internet Explorer 7 does not properly handle errors during attempted access to deleted objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to CFunctionPointer and the appending of document objects, aka "Uninitialized Memory Corruption Vulnerability." Microsoft Internet Explorer 7 no maneja adecuadamente los errores durante un intento de acceso a los objetos eliminados, esto permite a atacantes remotos ejecutar código de su elección a través de un documento HTML manipulado; está relacionado con CFunctionPointer y la inclusión de objetos de documentos. También se conoce como "Vulnerabilidad de Corrupción de Memoria no Iniciada" This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the handling of document objects. When an object is appended and deleted in a specific order memory corruption occurs. • https://www.exploit-db.com/exploits/8077 https://www.exploit-db.com/exploits/8082 https://www.exploit-db.com/exploits/8079 https://www.exploit-db.com/exploits/16555 https://www.exploit-db.com/exploits/8080 https://www.exploit-db.com/exploits/8152 http://osvdb.org/51839 http://www.securityfocus.com/bid/33627 http://www.us-cert.gov/cas/techalerts/TA09-041A.html http://www.vupen.com/english/advisories/2009/0389 http://www.zerodayinitiative.com/advisories/ZDI-09 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 58%CPEs: 14EXPL: 4CVE-2009-0076 – Microsoft Internet Explorer Malformed CSS Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2009-0076
Microsoft Internet Explorer 7, when XHTML strict mode is used, allows remote attackers to execute arbitrary code via the zoom style directive in conjunction with unspecified other directives in a malformed Cascading Style Sheets (CSS) stylesheet in a crafted HTML document, aka "CSS Memory Corruption Vulnerability." Microsoft Internet Explorer 7, cuando usamos XHTML en modo estricto, permite a atacantes remotos ejecutar código de su elección a través de la directiva "zoom style" en conjunción con otras directivas no especificadas en una hoja de estilo en cascada (CSS)en un documento HTML manipulado, también conocido como "Vulnerabilidad de Corrupción de Memoria CSS". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists when processing, in XHTML strict mode, a CSS stylesheet containing a specific combination of style directives one of which must be a 'zoom'. The fault in processing results in a memory corruption vulnerability which can be leveraged to execute arbitrary code under the context of the current user. • https://www.exploit-db.com/exploits/8082 https://www.exploit-db.com/exploits/8079 https://www.exploit-db.com/exploits/8080 https://www.exploit-db.com/exploits/8152 http://www.us-cert.gov/cas/techalerts/TA09-041A.html http://www.vupen.com/english/advisories/2009/0389 http://www.zerodayinitiative.com/advisories/ZDI-09-012 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-002 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ov • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 21%CPEs: 2EXPL: 1CVE-2009-0341 – Microsoft Internet Explorer 7 - HTML Form Value Denial of Service
https://notcve.org/view.php?id=CVE-2009-0341
The shell32 module in Microsoft Internet Explorer 7.0 on Windows XP SP3 might allow remote attackers to execute arbitrary code via a long VALUE attribute in an INPUT element, possibly related to a stack consumption vulnerability. El módulo shell32 en Microsoft Internet Explorer v7.0 en Windows XP SP3 permitiría a atacantes remotos ejecutar código a su elección a través de un atributo largo VALUE en un elemento INPUT, relacionado posiblemente con la vulnerabilidad de vaciado de pila. • https://www.exploit-db.com/exploits/32763 http://www.securityfocus.com/archive/1/500472/100/0/threaded http://www.securityfocus.com/bid/33494 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •