CVE-2009-1674
Published 2009-05-18
Priority P342 · critical · CVSS 2.0: 9.3
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 4.90% (91.0th percentile)
Stack-based buffer overflow in Microchip MPLAB IDE 8.30 allows user-assisted remote attackers to execute arbitrary code via a long .cof pathname in a [TOOL_SETTINGS] section in a .mcp file, possibly a related issue to CVE-2009-1608.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microchip | mplab_ide | — | — |
No detection rules found.
Bugzilla
CVE-2009-3985 [MEDIUM] Mozilla URL spoofing via invalid document.location
bugzilla · 2009-12-11 · CVSS 6.8
Security researcher Jordi Chancel reported an issue similar to one fixed in mfsa2009-44 in which a web page can set document.location to a URL that can't be displayed properly and then inject content into the resulting blank page. An attacker could use this vulnerability to place a legitimate-looking but invalid URL in the location bar and inject HTML and JavaScript into the body of the page, resulting in a spoofing attack.
Discussion:
This issue has been addressed in following products:
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Via RHSA-2009:1674 https://rhn.redhat.com/errata/RHSA-2009-1674.html
---
firefox-3.5.6-1.fc11, epiphany-extensions-2.26.1-9.fc11, yelp-2.26.0-10.fc11, ruby-gnome2-0.19.3-5.fc11, per
Bugzilla
CVE-2009-3981 [CRITICAL] Mozilla crashes with evidence of memory corruption
bugzilla · 2009-12-11 · CVSS 9.3
Mozilla developers and community members identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code.
Jesse Ruderman reported a crash in the browser engine which only affected Firefox 3.
Discussion:
This issue has been addressed in following products:
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Via RHSA-2009:1674 https://rhn.redhat.com/errata/RHSA-2009-1674.html
Published: 2009-05-18