CVSS: 9.3EPSS: 92%CPEs: 46EXPL: 0CVE-2009-1530 – Microsoft Internet Explorer Event Handler Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2009-1530
Use-after-free vulnerability in Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code by repeatedly adding HTML document nodes and calling event handlers, which triggers an access of an object that (1) was not properly initialized or (2) is deleted, aka "HTML Objects Memory Corruption Vulnerability." Vulnerabilidad de Uso de la Memoria Previamente Liberada en Microsoft Internet Explorer 7 para Windows XP SP2 y SP3; 7 para Server 2003 SP2; 7 para Vista Gold, SP1 y SP2; y 7 para Server 2008 SP2 permite a los atacantes remotos ejecutar código arbitrario mediante la adición repetida de nodos de documentos HTML y el llamado a los Controladores de Eventos, lo que desencadena un acceso de un objeto que (1) no se inicializó apropiadamente o (2) se elimina, también se conoce como "HTML Objects Memory Corruption Vulnerability". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists when repeatedly calling event handlers after adding nodes of an HTML document. When a specially crafted webpage is repeatedly rendered, memory is improperly reused after it has been freed. • http://osvdb.org/54949 http://www.securityfocus.com/archive/1/504209/100/0/threaded http://www.securitytracker.com/id?1022350 http://www.us-cert.gov/cas/techalerts/TA09-160A.html http://www.vupen.com/english/advisories/2009/1538 http://www.zerodayinitiative.com/advisories/ZDI-09-038 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-019 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6294 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 86%CPEs: 12EXPL: 0CVE-2009-1532 – Microsoft Internet Explorer 8 Rows Property Dangling Pointer Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2009-1532
Microsoft Internet Explorer 8 for Windows XP SP2 and SP3; 8 for Server 2003 SP2; 8 for Vista Gold, SP1, and SP2; and 8 for Server 2008 SP2 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code via "malformed row property references" that trigger an access of an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Objects Memory Corruption Vulnerability" or "HTML Object Memory Corruption Vulnerability." Microsoft Internet Explorer 8 para Windows XP SP2 y SP3; 8 para Server 2003 SP2; 8 para Vista Gold, SP1 y SP2; y 8 para Server 2008 SP2 no maneja apropiadamente los objetos en la memoria, lo que permite a los atacantes remotos ejecutar código arbitrario por medio de "malformed row property references" que desencadenan un acceso de un objeto que (1) no se inicializó apropiadamente o (2) se elimina, lo que conlleva a corrupción de la memoria, también se conoce como "HTML Objects Memory Corruption Vulnerability" o "HTML Object Memory Corruption Vulnerability". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer 8. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists during the rendering of an HTML page with malformed row property references, resulting in a dangling pointer which can be abused to execute arbitrary code. Internet Explorer 7 is not affected. • http://osvdb.org/54951 http://www.securityfocus.com/archive/1/504208/100/0/threaded http://www.securitytracker.com/id?1022350 http://www.us-cert.gov/cas/techalerts/TA09-160A.html http://www.vupen.com/english/advisories/2009/1538 http://www.zerodayinitiative.com/advisories/ZDI-09-041 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-019 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6244 • CWE-787: Out-of-bounds Write •
CVSS: 4.3EPSS: 1%CPEs: 4EXPL: 1CVE-2009-1335 – Microsoft Internet Explorer 8 - File Download Denial of Service
https://notcve.org/view.php?id=CVE-2009-1335
Microsoft Internet Explorer 7 and 8 on Windows XP and Vista allows remote attackers to cause a denial of service (application hang) via a large document composed of unprintable characters, aka MSRC 9011jr. Microsoft Internet Explorer 7 y 8 en Windows XP y Vista permiten a atacantes remotos provocar una denegación de servicio (caída de la aplicación) mediante un documento de gran tamaño formado por caracteres no imprimibles, también conocido como MSRC 9011jr. • https://www.exploit-db.com/exploits/32902 http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0111.html http://www.securityfocus.com/archive/1/502617/100/0/threaded http://www.securityfocus.com/bid/34478 https://exchange.xforce.ibmcloud.com/vulnerabilities/50350 •
CVSS: 10.0EPSS: 22%CPEs: 2EXPL: 0CVE-2009-1043
https://notcve.org/view.php?id=CVE-2009-1043
Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009. Una vulnerabilidad en Microsoft Internet Explorer 8 sobre Windows 7 permite a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos simplemente haciendo clic en un enlace, como se demostró Nils durante una competición PWN2OWN en CanSecWest 2009. • http://blogs.zdnet.com/security/?p=2934 http://cansecwest.com/index.html http://dvlabs.tippingpoint.com/blog/2009/02/25/pwn2own-2009 http://dvlabs.tippingpoint.com/blog/2009/03/18/pwn2own-2009-day-1---safari-internet-explorer-and-firefox-taken-down-by-four-zero-day-exploits http://dvlabs.tippingpoint.com/blog/2009/03/20/pwn2own-day-2 http://news.cnet.com/8301-1009_3-10199652-83.html http://osvdb.org/52892 http://www.h-online.com/security/Pwn2Own-2009-Safari-IE&# •
CVSS: 4.3EPSS: 1%CPEs: 6EXPL: 1CVE-2009-0072 – Microsoft Internet Explorer Javascript Denial Of Service
https://notcve.org/view.php?id=CVE-2009-0072
Microsoft Internet Explorer 6.0 through 8.0 beta2 allows remote attackers to cause a denial of service (application crash) via an onload=screen[""] attribute value in a BODY element. Microsoft Internet Explorer 6.0 hasta 8.0 beta2 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través del valor del atributo onload=screen[""] en un elemento "BODY". • http://skypher.com/index.php/2009/01/07/msie-screen-null-ptr-dos-details http://www.securityfocus.com/bid/33149 https://exchange.xforce.ibmcloud.com/vulnerabilities/47788 •