CVSS: 9.3EPSS: 88%CPEs: 2EXPL: 0CVE-2013-3209 – Microsoft Internet Explorer CSegment Object Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-3209
Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3201, CVE-2013-3203, CVE-2013-3206, and CVE-2013-3207. Microsoft Internet Explorer 9 y 10 permiten a atacantes remotos ejecutar código a discrección o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, tambien conocida como "Vulnerabilidad de Corrupción de Memoria en Internet Explorer", una vulnerabilidad diferente a CVE-2013-3201, CVE-2013-3203, CVE-2013-3206, y CVE-2013-3207. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the usage of execCommand("selectAll") and selection.clear which can cause a CSegment object to be freed. The process can be later forced to reuse this pointer resulting in a use-after-free condition. • http://www.us-cert.gov/ncas/alerts/TA13-253A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-069 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18650 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 97%CPEs: 3EXPL: 1CVE-2013-3205 – Microsoft Internet Explorer CCaret Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-3205
Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." Microsoft Internet Explorer 6 a 8 permiten a atacantes remotos ejecutar código arbitrario o causar denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocido como "Vulnerabilidad de Corrupción de Memoria de Internet Explorer". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the usage of a CCaret object. The process can be made to delete an object resulting in a dangling pointer. • https://www.exploit-db.com/exploits/28481 http://www.us-cert.gov/ncas/alerts/TA13-253A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-069 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18696 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 88%CPEs: 2EXPL: 0CVE-2013-3845 – Microsoft Internet Explorer CTreePos Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-3845
Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." Microsoft Internet Explorer 8 y 9 permiten a un atacante remoto ejecutar código a discrección o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, tambien conocida como "Vulnerabilidad de Corrupción de Memoria en Internet Explorer". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the usage of a freed CTreePos object. The process can be forced to reuse a dangling pointer of the object resulting in a use-after-free condition. • http://www.us-cert.gov/ncas/alerts/TA13-253A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-069 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18719 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 14%CPEs: 2EXPL: 1CVE-2013-3846 – Microsoft Internet Explorer CTreePos Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-3846
Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted CSpliceTreeEngine::InsertSplice object in an HTML document, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3143 and CVE-2013-3161. Vunerabilidad de uso de memoria después de liberacion en Microsoft Internet Explorer 9 y 10, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un objeto CSpliceTreeEngine :: InsertSplice manipulado en un documento HTML, también conocido como "Vulnerabilidad de Internet Explorer de corrpucion en la memoria ", una vulnerabilidad diferente a CVE-2013-3143 y CVE-2013-3.161. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within an object created by CSpliceTreeEngine::InsertSplice. The process can be forced to reuse a dangling pointer of the object resulting in a use-after-free condition. • https://www.exploit-db.com/exploits/28187 http://www.zerodayinitiative.com/advisories/ZDI-13-231 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-055 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 88%CPEs: 2EXPL: 0CVE-2013-3207 – Microsoft Internet Explorer CBlockElement Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-3207
Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3201, CVE-2013-3203, CVE-2013-3206, and CVE-2013-3209. Microsoft Internet Explorer 9 y 10 permite a atacantes remotos ejecutar código arbitrario o causar denegación de servicio (corrupcion de memoria) a través de un sitio web manipulado. Conocido también como "Vulnerabilidad de Corrupción de Memoria de Internet Explorer". Vulnerabilidad diferente a CVE-2013-3201, CVE-2013-3203, CVE-2013-3206,y CVE-2013-3209. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. • http://www.us-cert.gov/ncas/alerts/TA13-253A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-069 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18964 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •