CVSS: 9.3EPSS: 62%CPEs: 7EXPL: 0CVE-2012-0169
https://notcve.org/view.php?id=CVE-2012-0169
Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "JScript9 Remote Code Execution Vulnerability." Microsoft Internet Explorer 9 no maneja apropiadamente objetos en memoria, lo que permite a atacantes remotos ejecutar código arbitrario accediendo a un objeto borrado. También conocida como "vulnerabilidad de ejecución de código remota JScript9". • http://osvdb.org/81127 http://www.securityfocus.com/bid/52902 http://www.securitytracker.com/id?1026901 http://www.us-cert.gov/cas/techalerts/TA12-101A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-023 https://exchange.xforce.ibmcloud.com/vulnerabilities/74380 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15611 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 94%CPEs: 2EXPL: 0CVE-2012-0170
https://notcve.org/view.php?id=CVE-2012-0170
Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnReadyStateChange Remote Code Execution Vulnerability." Microsoft Internet Explorer 6 hasta la versión 7 no maneja apropiadamente objetos en memoria, lo que permite a atacantes remotos ejecutar código arbitrario accediendo a un objeto borrado. También conocida como "vulnerabilidad de ejecución de código remota OnReadyStateChange". • http://osvdb.org/81128 http://www.securitytracker.com/id?1026901 http://www.us-cert.gov/cas/techalerts/TA12-101A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-023 https://exchange.xforce.ibmcloud.com/vulnerabilities/74381 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15573 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.8EPSS: 1%CPEs: 30EXPL: 0CVE-2012-1545
https://notcve.org/view.php?id=CVE-2012-1545
Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to bypass Protected Mode or cause a denial of service (memory corruption) by leveraging access to a Low integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012. Microsoft Internet Explorer v6 a v9, y v10 Consumer Preview, permite a atacantes remotos eludir el modo protegido o causar una denegación de servicio (por corrupción de memoria), aprovechando el acceso a un proceso de baja integridad, como lo demostró VUPEN durante una competencia Pwn2Own en CanSecWest 2012 • http://arstechnica.com/business/news/2012/03/ie-9-on-latest-windows-gets-stomped-at-hacker-contest.ars http://pwn2own.zerodayinitiative.com/status.html http://twitter.com/vupen/statuses/177895844828291073 http://www.zdnet.com/blog/security/pwn2own-2012-ie-9-hacked-with-two-0day-vulnerabilities/10621 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 96%CPEs: 7EXPL: 0CVE-2012-0155 – Microsoft Internet Explorer VML CDispScroller Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-0155
Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "VML Remote Code Execution Vulnerability." Microsoft Internet Explorer 9 no maneja correctamente objetos en memoria, lo que permite a atacantes remotos ejecutar código de su elección accediendo a objetos eliminados, también conocido como "VML Remote Code Execution Vulnerability." This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the handling of VML element positioning. When appending a VML element to a textArea element a reference to a cDispScroller object can be improperly freed. • http://www.us-cert.gov/cas/techalerts/TA12-045A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-010 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14781 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 96%CPEs: 23EXPL: 0CVE-2012-0011 – Microsoft Internet Explorer CDispNode t:MEDIA Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-0011
Microsoft Internet Explorer 7 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "HTML Layout Remote Code Execution Vulnerability." Microsoft Internet Explorer v7 hasta v9, no maneja apropiadamente los objetos en memoria, lo que permite a atacantes remotos ejecutar código de su elección accediendo a objetos borrados, también conocido como "HTML Layout Remote Code Execution Vulnerability." This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required in that a target must visit a malicious page or open a malicious file. The flaw exists within MSHTML, specifically the handling of an HTML time t:MEDIA element. A t:MEDIA element can be manipulated such that when the page is refreshed a reference to a freed CDispNode object remains allowing the repurpose of this region. • http://www.us-cert.gov/cas/techalerts/TA12-045A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-010 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14310 • CWE-94: Improper Control of Generation of Code ('Code Injection') •