CVSS: 9.3EPSS: 89%CPEs: 1EXPL: 0CVE-2013-3122 – Microsoft Internet Explorer CHtmTagStm Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-3122
Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3117 and CVE-2013-3124. Microsoft Internet Explorer 9 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web especialmente diseñado, también conocido como "Vulnerabilidad de corrupción de memoria en Internet Explorer", una vulnerabilidad diferente a CVE-2013-3117 y CVE-2013-3124. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of CHtmTagStm objects. By manipulating a document's elements, an attacker can force a dangling pointer to be reused after it has been freed. • http://www.us-cert.gov/ncas/alerts/TA13-168A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-047 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16352 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 89%CPEs: 3EXPL: 0CVE-2013-3123 – Microsoft Internet Explorer CCaret Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-3123
Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3111. Microsoft Internet Explorer 8 hasta 10 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web especialmente diseñado, también conocido como "Vulnerabilidad de corrupción de memoria en Internet Explorer", una vulnerabilidad diferente a CVE-2013-3111. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the CCaret object. When triggering the onscroll event, the process can be made to delete a CCaret object resulting in a dangling pointer. • http://www.us-cert.gov/ncas/alerts/TA13-168A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-047 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16655 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 89%CPEs: 1EXPL: 0CVE-2013-3124 – Microsoft Internet Explorer SmartDispClient Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-3124
Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3117 and CVE-2013-3122. Microsoft Internet Explorer 9 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio especialmente diseñado, también conocido como "Vulnerabilidad de corrupción de memoria en Internet Explorer", una vulnerabilidad diferente a CVE-2013-3117 y CVE-2013-3122. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the document layout formatting. By manipulating a document's elements an attacker can force a type confusion error in the layout process. • http://www.us-cert.gov/ncas/alerts/TA13-168A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-047 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16720 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 39%CPEs: 2EXPL: 0CVE-2013-3126 – Microsoft Internet Explorer jsdbgui Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-3126
Microsoft Internet Explorer 9 and 10, when script debugging is enabled, does not properly handle objects in memory during the processing of script, which allows remote attackers to execute arbitrary code via a crafted web site, aka "Internet Explorer Script Debug Vulnerability." Microsoft Internet Explorer 9 y 10, cuando la depuración de scripts está activada, no maneja adecuadamente los objetos en la memoria durante el proceso de escritura, permitiendo a atacantes remotos ejecutar código arbitrario a través de un sitio web especialmente diseñado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of strings in the Javascript console. By manipulating string objects an attacker can force a sign-extension bug to occur. • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-047 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16687 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 82%CPEs: 5EXPL: 0CVE-2013-3139
https://notcve.org/view.php?id=CVE-2013-3139
Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3112, CVE-2013-3113, CVE-2013-3121, and CVE-2013-3142. Microsoft Internet Explorer 6 hasta 10, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web malicioso, también conocido como "Vulnerabilidad de corrupción de memoria en Internet Explorer", una vulnerabilidad diferente a CVE-2013-3112, CVE-2013-3113, CVE-2013-3121, y CVE-2013-3142. • http://www.us-cert.gov/ncas/alerts/TA13-168A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-047 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16517 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •