CVSS: 7.1EPSS: 1%CPEs: 14EXPL: 0CVE-2009-2516
https://notcve.org/view.php?id=CVE-2009-2516
14 Oct 2009 — The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly validate data sent from user mode, which allows local users to gain privileges via a crafted PE .exe file that triggers a NULL pointer dereference during chain traversal, aka "Windows Kernel NULL Pointer Dereference Vulnerability." El kernel de Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP2, Vista Gold y SP1, y Server 2008 Gold no valida apropiadamente los datos en... • http://www.nsfocus.com/en/advisories/0903.html • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •
CVSS: 9.3EPSS: 58%CPEs: 20EXPL: 0CVE-2009-2525
https://notcve.org/view.php?id=CVE-2009-2525
14 Oct 2009 — Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager (ACM), does not properly initialize unspecified functions within compressed audio files, which allows remote attackers to execute arbitrary code via (1) a crafted media file or (2) crafted streaming content, aka "Windows Media Runtime Heap Corruption Vulnerability." Microsoft Windows Media Runtime, usado en DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder y Au... • http://www.us-cert.gov/cas/techalerts/TA09-286A.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 62%CPEs: 7EXPL: 0CVE-2009-2527
https://notcve.org/view.php?id=CVE-2009-2527
14 Oct 2009 — Heap-based buffer overflow in Microsoft Windows Media Player 6.4 allows remote attackers to execute arbitrary code via (1) a crafted ASF file or (2) crafted streaming content, aka "WMP Heap Overflow Vulnerability." Desbordamiento de búfer basado en memoria dinámica (heap) en Microsoft Windows Media Player v6.4, permite a atacantes remotos ejecutar código de su elección a través de un archivo ASF manipulado o (2) a través de un contenido para difusión (streaming) manipulado, también conocida como "Vulnerabil... • http://www.us-cert.gov/cas/techalerts/TA09-286A.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 56%CPEs: 61EXPL: 0CVE-2009-2528
https://notcve.org/view.php?id=CVE-2009-2528
14 Oct 2009 — GDI+ in Microsoft Office XP SP3 does not properly handle malformed objects in Office Art Property Tables, which allows remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "Memory Corruption Vulnerability." GDI+ en Microsoft Office XP SP3 no maneja adecuadamente los objetos mal formados en Office Art Property Tables, lo que permite a atacantes remotos ejecutar código de su elección a través de un documento de Office manipulado que provoca una corrupci... • http://www.us-cert.gov/cas/techalerts/TA09-286A.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 27%CPEs: 41EXPL: 0CVE-2009-2529
https://notcve.org/view.php?id=CVE-2009-2529
14 Oct 2009 — Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not properly handle argument validation for unspecified variables, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "HTML Component Handling Vulnerability." Microsoft Internet Explorer v5.01 SP4, v6, v6 SP1, v7, y v8 no gestiona adecuadamente la validación de argumentos para un número de variables sin especificar lo que permite a atacantes remotos ejecutar código arbitrario a través de un documentos HTML ma... • http://www.us-cert.gov/cas/techalerts/TA09-286A.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 60%CPEs: 40EXPL: 0CVE-2009-0090
https://notcve.org/view.php?id=CVE-2009-0090
14 Oct 2009 — Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not properly validate .NET verifiable code, which allows remote attackers to obtain unintended access to stack memory, and execute arbitrary code, via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Pointer Verification Vulnerability." Microsoft .NET Framework v1.0 SP3, v1.1 SP1, y v2.0 SP1 no valida adecuadamente el código de .NET, lo que p... • http://www.us-cert.gov/cas/techalerts/TA09-286A.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 56%CPEs: 40EXPL: 0CVE-2009-0091
https://notcve.org/view.php?id=CVE-2009-0091
14 Oct 2009 — Microsoft .NET Framework 2.0, 2.0 SP1, and 3.5 does not properly enforce a certain type-equality constraint in .NET verifiable code, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Type Verification Vulnerability." Microsoft .NET Framework v2.0, v2.0 SP1, y v3.5 no cumple adecuadamente con la limitación de igualdad de tipos en un código .NET... • http://www.us-cert.gov/cas/techalerts/TA09-286A.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 58%CPEs: 7EXPL: 0CVE-2009-2507
https://notcve.org/view.php?id=CVE-2009-2507
14 Oct 2009 — A certain ActiveX control in the Indexing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly process URLs, which allows remote attackers to execute arbitrary programs via unspecified vectors that cause a "vulnerable binary" to load and run, aka "Memory Corruption in Indexing Service Vulnerability." Cierto control ActiveX en el servicio de indexado de Microsoft Windows 2000 SP4, XP SP2 y SP3, y Server 2003 SP2 no procesa adecuadamente las URLs, lo que permite a ataca... • http://www.us-cert.gov/cas/techalerts/TA09-286A.html •
CVSS: 9.3EPSS: 54%CPEs: 61EXPL: 0CVE-2009-2503 – Microsoft Windows GDI+ TIFF Parsing Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2009-2503
13 Oct 2009 — GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and ... • http://www.us-cert.gov/cas/techalerts/TA09-286A.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 55%CPEs: 41EXPL: 0CVE-2009-2530 – Microsoft Internet Explorer Event Object Type Double-Free Vulnerability
https://notcve.org/view.php?id=CVE-2009-2530
13 Oct 2009 — Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-2531. Microsoft Internet Explorer v6, v6 SP1, v7, y v8 no gestiona adecuadamente los objetos en memoria, lo que permite a atacantes remotos ejecutar código arbitr... • http://www.us-cert.gov/cas/techalerts/TA09-286A.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •