CVSS: 9.3EPSS: 89%CPEs: 5EXPL: 0CVE-2013-3121 – Microsoft Internet Explorer runtimeStyle Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-3121
Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3112, CVE-2013-3113, CVE-2013-3139, and CVE-2013-3142. Microsoft Internet Explorer 6 hasta 10 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web especialmente diseñado, también conocido como "Vulnerabilidad de corrupción de memoria en Internet Explorer", una vulnerabilidad diferente a CVE-2013-3112, CVE-2013-3113, CVE-2013-3139, y CVE-2013-3142. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the runtimeStyle processing. After one of its properties are affected, an element can be removed resulting in a use-after-free condition. • http://www.us-cert.gov/ncas/alerts/TA13-168A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-047 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16875 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 89%CPEs: 3EXPL: 0CVE-2013-3123 – Microsoft Internet Explorer CCaret Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-3123
Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3111. Microsoft Internet Explorer 8 hasta 10 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web especialmente diseñado, también conocido como "Vulnerabilidad de corrupción de memoria en Internet Explorer", una vulnerabilidad diferente a CVE-2013-3111. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the CCaret object. When triggering the onscroll event, the process can be made to delete a CCaret object resulting in a dangling pointer. • http://www.us-cert.gov/ncas/alerts/TA13-168A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-047 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16655 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 89%CPEs: 1EXPL: 0CVE-2013-3125 – Microsoft Internet Explorer CTreePos Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-3125
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3118 and CVE-2013-3120. Microsoft Internet Explorer 10, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web especialmente diseñado, también conocido como "Vulnerabilidad de corrupción de memoria en Internet Explorer", una vulnerabilidad diferente a CVE-2013-3118 y CVE-2013-3120. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of CTreePos objects. The issue lies in the usage of execCommand to undo DOM manipulations. • http://www.us-cert.gov/ncas/alerts/TA13-168A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-047 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16858 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 39%CPEs: 2EXPL: 0CVE-2013-3126 – Microsoft Internet Explorer jsdbgui Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-3126
Microsoft Internet Explorer 9 and 10, when script debugging is enabled, does not properly handle objects in memory during the processing of script, which allows remote attackers to execute arbitrary code via a crafted web site, aka "Internet Explorer Script Debug Vulnerability." Microsoft Internet Explorer 9 y 10, cuando la depuración de scripts está activada, no maneja adecuadamente los objetos en la memoria durante el proceso de escritura, permitiendo a atacantes remotos ejecutar código arbitrario a través de un sitio web especialmente diseñado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of strings in the Javascript console. By manipulating string objects an attacker can force a sign-extension bug to occur. • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-047 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16687 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 82%CPEs: 5EXPL: 0CVE-2013-3139
https://notcve.org/view.php?id=CVE-2013-3139
Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3112, CVE-2013-3113, CVE-2013-3121, and CVE-2013-3142. Microsoft Internet Explorer 6 hasta 10, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web malicioso, también conocido como "Vulnerabilidad de corrupción de memoria en Internet Explorer", una vulnerabilidad diferente a CVE-2013-3112, CVE-2013-3113, CVE-2013-3121, y CVE-2013-3142. • http://www.us-cert.gov/ncas/alerts/TA13-168A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-047 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16517 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •