CVE-2009-1335
published 2009-04-17CVE-2009-1335: Microsoft Internet Explorer 7 and 8 on Windows XP and Vista allows remote attackers to cause a denial of service (application hang) via a large document…
PriorityP421medium4.3CVSS 2.0
AVNACMAuNCNINAP
EXPLOIT
EPSS
15.67%
96.4th percentile
Microsoft Internet Explorer 7 and 8 on Windows XP and Vista allows remote attackers to cause a denial of service (application hang) via a large document composed of unprintable characters, aka MSRC 9011jr.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:N/A:P
vendor_redhat5.0MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-9hwh-3gx5-xqmh: Microsoft Internet Explorer 7 and 8 on Windows XP and Vista allows remote attackers to cause a denial of service (application hang) via a large docume
ghsa_unreviewed·2022-05-02
CVE-2009-1335 [MEDIUM] GHSA-9hwh-3gx5-xqmh: Microsoft Internet Explorer 7 and 8 on Windows XP and Vista allows remote attackers to cause a denial of service (application hang) via a large docume
Microsoft Internet Explorer 7 and 8 on Windows XP and Vista allows remote attackers to cause a denial of service (application hang) via a large document composed of unprintable characters, aka MSRC 9011jr.
Red Hat
openssl: mime_hdr_cmp NULL dereference crash
vendor_redhat·2006-08-29·CVSS 5.0
CVE-2006-7250 [MEDIUM] CWE-476 openssl: mime_hdr_cmp NULL dereference crash
openssl: mime_hdr_cmp NULL dereference crash
The mime_hdr_cmp function in crypto/asn1/asn_mime.c in OpenSSL 0.9.8t and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message.
Statement: This issue was corrected in Red Hat Enterprise Linux 5 via RHSA-2009:1335. It did not affect openssl packages shipped with Red Hat Enterprise Linux 6.
Package: openssl (Red Hat Enterprise Linux 4) - Will not fix
Package: openssl096b (Red Hat Enterprise Linux 4) - Will not fix
Package: openssl097a (Red Hat Enterprise Linux 5) - Will not fix
Package: openssl (Red Hat Enterprise Linux 6) - Not affected
Package: openssl098e (Red Hat Enterprise Linux 6) - Not affected
Package: openssl (Red Hat JBoss Enterprise Web Server
Red Hat
openssl: mime_hdr_cmp NULL dereference crash
vendor_redhat·2006-08-29·CVSS 5.0
CVE-2006-7248 [MEDIUM] CWE-476 openssl: mime_hdr_cmp NULL dereference crash
openssl: mime_hdr_cmp NULL dereference crash
No description is available for this CVE.
Statement: This issue was corrected in Red Hat Enterprise Linux 5 via RHSA-2009:1335. It did not affect openssl packages shipped with Red Hat Enterprise Linux 6.
Package: openssl (Red Hat Enterprise Linux 4) - Will not fix
Package: openssl096b (Red Hat Enterprise Linux 4) - Will not fix
Package: openssl (Red Hat Enterprise Linux 5) - Affected
Package: openssl097a (Red Hat Enterprise Linux 5) - Will not fix
Package: openssl (Red Hat Enterprise Linux 6) - Not affected
Package: openssl098e (Red Hat Enterprise Linux 6) - Not affected
Package: openssl (Red Hat JBoss Enterprise Web Server 1) - Not affected
No detection rules found.
Bugzilla
CVE-2006-7250 openssl: mime_hdr_cmp NULL dereference crash
bugzilla·2012-02-28·CVSS 5.0
CVE-2006-7250 [MEDIUM] CVE-2006-7250 openssl: mime_hdr_cmp NULL dereference crash
CVE-2006-7250 openssl: mime_hdr_cmp NULL dereference crash
"openssl smime -verify -in" verifies the signature of the input file and
the "-verify" switch expects a signed or encrypted input file. Previously,
running openssl on an S/MIME file that was not encrypted or signed caused
openssl to segfault. With this update, the input file is now checked for a
signature or encryption. Consequently, openssl now returns an error and
quits when attempting to verify an unencrypted or unsigned S/MIME file.
This was fixed in RHSA-2009:1335:
http://rhn.redhat.com/errata/RHSA-2009-1335.html
Discussion:
Created attachment 566411
openssl PR: 2711 Tolerate bad MIME headers in parser
Patch is from RHEL-6 OpenSSL source RPM
---
This problem was previously reported via (private) bug #472440 and addresse
Bugzilla
clamav: security fixes in upstream 0.95 (CVE-2008-6680, CVE-2009-1270)
bugzilla·2009-04-09·CVSS 5.0
CVE-2008-6680 [MEDIUM] clamav: security fixes in upstream 0.95 (CVE-2008-6680, CVE-2009-1270)
clamav: security fixes in upstream 0.95 (CVE-2008-6680, CVE-2009-1270)
Upstream clamav version 0.95 fixes few security issues:
CVE-2008-6680:
libclamav/pe.c in ClamAV before 0.95 allows remote attackers to cause
a denial of service (crash) via a crafted EXE file that triggers a
divide-by-zero error.
Upstream bug:
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1335
Upstream fix:
svn diff -c 4980 http://svn.clamav.net/svn/clamav-devel/
CVE-2009-1270:
libclamav/untar.c in ClamAV before 0.95 allows remote attackers to
cause a denial of service (infinite loop) via a crafted file that
causes (1) clamd and (2) clamscan to hang.
Upstream bug:
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1462
Upstream fix:
svn diff -c 4981 http://svn.clamav.net/svn/clamav-devel/
Discussion:
For the
http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0111.htmlhttp://www.securityfocus.com/archive/1/502617/100/0/threadedhttp://www.securityfocus.com/bid/34478https://exchange.xforce.ibmcloud.com/vulnerabilities/50350http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0111.htmlhttp://www.securityfocus.com/archive/1/502617/100/0/threadedhttp://www.securityfocus.com/bid/34478https://exchange.xforce.ibmcloud.com/vulnerabilities/50350
2009-04-17
Published