CVE-2010-0555
- EPSS 20.95%
- Veröffentlicht 04.02.2010 20:15:25
- Zuletzt bearbeitet 16.06.2026 23:16:23
Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and read arbitrary files via vectors involving the pro...
CVE-2010-0027
- EPSS 33.99%
- Veröffentlicht 22.01.2010 22:00:00
- Zuletzt bearbeitet 16.06.2026 23:15:16
The URL validation functionality in Microsoft Internet Explorer 5.01, 6, 6 SP1, 7 and 8, and the ShellExecute API function in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, does not properly process input parameters, which allows remote attac...
CVE-2009-2506
- EPSS 31.23%
- Veröffentlicht 09.12.2009 18:30:00
- Zuletzt bearbeitet 16.06.2026 23:09:36
Integer overflow in the text converters in Microsoft Office Word 2002 SP3 and 2003 SP3; Works 8.5; Office Converter Pack; and WordPad in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a DOC...
CVE-2009-2508
- EPSS 1.26%
- Veröffentlicht 09.12.2009 18:30:00
- Zuletzt bearbeitet 16.06.2026 23:09:36
The single sign-on implementation in Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly remove credentials at the end of a network session, which allows physically proximate...
- EPSS 17.05%
- Veröffentlicht 09.12.2009 18:30:00
- Zuletzt bearbeitet 16.06.2026 23:09:36
Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly validate headers in HTTP requests, which allows remote authenticated users to execute arbitrary code via a crafted request...
CVE-2009-3671
- EPSS 21.04%
- Veröffentlicht 09.12.2009 18:30:00
- Zuletzt bearbeitet 16.06.2026 23:12:08
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Unini...
CVE-2009-3673
- EPSS 25.35%
- Veröffentlicht 09.12.2009 18:30:00
- Zuletzt bearbeitet 16.06.2026 23:12:08
Microsoft Internet Explorer 7 and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka ...
CVE-2009-3674
- EPSS 26.26%
- Veröffentlicht 09.12.2009 18:30:00
- Zuletzt bearbeitet 16.06.2026 23:12:08
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Unini...
- EPSS 21.82%
- Veröffentlicht 09.12.2009 18:30:00
- Zuletzt bearbeitet 16.06.2026 23:12:09
The Internet Authentication Service (IAS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly verify the credentials in an MS-CHAP v2 Protected Extensible Authentication Protocol ...
CVE-2009-2497
- EPSS 23.25%
- Veröffentlicht 14.10.2009 10:30:01
- Zuletzt bearbeitet 16.06.2026 23:09:35
The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0, 2.0 SP1, 2.0 SP2, 3.5, and 3.5 SP1, and Silverlight 2, does not properly handle interfaces, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser appl...