CVSS: 6.9EPSS: 0%CPEs: 5EXPL: 1CVE-2013-4015 – Microsoft Internet Explorer - CAnchorElement Use-After-Free (MS13-055)
https://notcve.org/view.php?id=CVE-2013-4015
Microsoft Internet Explorer 6 through 10 allows local users to bypass the elevation policy check in the (1) Protected Mode or (2) Enhanced Protected Mode protection mechanism, and consequently gain privileges, by leveraging the ability to execute sandboxed code. Microsoft Internet Explorer v6 hasta v10 permite a usuarios locales evitar el chequeo de la politica de elevación de permisos en los mecanismos de protección (1) Protected Mode o (2) Enhanced Protected Mode, y consecuentemente obtener privilegios, haciendo uso de la capacidad de ejecutar código en la sandbox. • https://www.exploit-db.com/exploits/28187 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-055 https://exchange.xforce.ibmcloud.com/vulnerabilities/85762 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 86%CPEs: 1EXPL: 1CVE-2013-3152 – Microsoft Internet Explorer CTreePos Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-3152
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3146. Microsoft Internet Explorer 10 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web malicioso, también conocido como "Internet Explorer Memory Corruption Vulnerability", una vulnerabilidad diferente a CVE-2013-3146. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of CTreePos objects. A use-after-free condition can trigger when accessing the innertext property after specific DOM object manipulations. • https://www.exploit-db.com/exploits/28187 http://www.us-cert.gov/ncas/alerts/TA13-190A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-055 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16975 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 86%CPEs: 1EXPL: 1CVE-2013-3146 – Microsoft Internet Explorer column-count Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-3146
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3152. Microsoft Internet Explorer 10 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web malicioso, también conocido como "Internet Explorer Memory Corruption Vulnerability", una vulnerabilidad diferente a CVE-2013-3152. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the column-count CSS property. The issue lies in the failure to properly validate input before using it to allocate a buffer on the heap. • https://www.exploit-db.com/exploits/28187 http://www.us-cert.gov/ncas/alerts/TA13-190A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-055 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16815 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 95%CPEs: 20EXPL: 1CVE-2013-3163 – Microsoft Internet Explorer Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2013-3163
Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3144 and CVE-2013-3151. Microsoft Internet Explorer 8 hasta 10 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web malicioso, también conocido como "Internet Explorer Memory Corruption Vulnerability", una vulnerabilidad diferente a CVE-2013-3144 y CVE-2013-3151. Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause a denial of service via a crafted website. • https://www.exploit-db.com/exploits/28187 http://www.us-cert.gov/ncas/alerts/TA13-190A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-055 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17363 • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 86%CPEs: 3EXPL: 1CVE-2013-3144 – Microsoft Internet Explorer CTreeNode Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-3144
Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3151 and CVE-2013-3163. Microsoft Internet Explorer de la 8 a la 10 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado. Aka "Internet Explorer Memory Corruption Vulnerability," vulnerabilidad distinta de CVE-2013-3151 y CVE-2013-3163. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within specific manipulations of styles to allow for a CElement to dispose of a CTreeNode. • https://www.exploit-db.com/exploits/28187 http://www.us-cert.gov/ncas/alerts/TA13-190A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-055 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17024 • CWE-94: Improper Control of Generation of Code ('Code Injection') •