CVE-2013-1297
https://notcve.org/view.php?id=CVE-2013-1297
Microsoft Internet Explorer 6 through 8 does not properly restrict data access by VBScript, which allows remote attackers to perform cross-domain reading of JSON files via a crafted web site, aka "JSON Array Information Disclosure Vulnerability." Microsoft Internet Explorer v6 hasta v8 no retringe correctamente el acceso de datos por VBScript, lo que permite a atacantes remotos llevar a cabo lectura de dominios cruzados ("cross-domain") de ficheros JSON mediante un sitio web especialmente diseñado, también conocido como "Vulnerabilidad de revelación de información de un array JSON" • http://www.us-cert.gov/ncas/alerts/TA13-134A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-037 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16518 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2013-1311 – Microsoft Internet Explorer - textNode Use-After-Free (MS13-037)
https://notcve.org/view.php?id=CVE-2013-1311
Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability." Vulnerabilidad de tipo "usar después de liberar" en Microsoft Internet Explorer v8 permite a atacantes remotos ejecutar código de su elección mediante un sitio web malintencionado que lanza el acceso a un objeto eliminado, también conocido como "Vulnerabilidad de usar después de liberar en Internet Explorer" • https://www.exploit-db.com/exploits/25999 http://www.us-cert.gov/ncas/alerts/TA13-134A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-037 • CWE-416: Use After Free •
CVE-2013-1312 – Microsoft Internet Explorer CDOMTextNode Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-1312
Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability." Vulnerabilidad de tipo "usar después de liberar" en Microsoft Internet Explorer v9 y v10 permite a atacantes remotos ejecutar código de su elección mediante un sitio web malintencionado que lanza el acceso a un objeto eliminado, también conocido como "Vulnerabilidad de usar después de liberar en Internet Explorer" This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw is due to the way mshtml handles a CDOMTextNode. When using a selection to get focusNode, the process can be made to create a CDOMTextNode and later delete this CDOMTextNode resulting in a dangling pointer. The process can be later forced to reuse this pointer resulting in a use-after-free condition. • http://www.us-cert.gov/ncas/alerts/TA13-134A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-037 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16328 • CWE-416: Use After Free •
CVE-2013-1347 – Microsoft Internet Explorer Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-1347
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013. Microsoft Internet Explorer 8 no maneja adecuadamente los objetos en memoria, lo que permite a atacantes remotos ejecutar código de su elección cuando acceden al objeto que (1)no se ha asignado adecuadamente o (2) se ha eliminado, como han sido explotadas a lo largo de mayo. This vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. • https://www.exploit-db.com/exploits/25294 http://technet.microsoft.com/security/advisory/2847140 http://www.exploit-db.com/exploits/25294 http://www.us-cert.gov/ncas/alerts/TA13-134A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-038 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16727 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2013-1338 – Microsoft Internet Explorer VML TextBox Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-1338
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1303 and CVE-2013-1304. Vulnerabilidad de uso después de liberación en Microsoft Internet Explorer del 6 al 10, permite a atacantes remotos ejecutar código arbitrario a través de un sitio web manipulado que genera el acceso a un objeto borrado. aka "Internet Explorer Use After Free Vulnerability", vulnerabilidad distinta de CVE-2013-1303 y CVE-2013-1304. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the usage of a VML textbox. When a dynamic style is defined, it can remove the textbox resulting in a use-after-free condition. • http://www.us-cert.gov/ncas/alerts/TA13-100A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-028 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16621 • CWE-399: Resource Management Errors •