CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0CVE-2011-1246
https://notcve.org/view.php?id=CVE-2011-1246
Microsoft Internet Explorer 8 does not properly handle content settings in HTTP responses, which allows remote web servers to obtain sensitive information from a different (1) domain or (2) zone via a crafted response, aka "MIME Sniffing Information Disclosure Vulnerability." Microsoft Internet Explorer 8 no maneja adecuadamente las opciones de contenido en las respuestas HTTP, lo que permite a servidores web remotos obtener información sensible desde distintos (1) domain o (2) zone a través de una respuesta manipulada. • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-050 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12464 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 30%CPEs: 12EXPL: 0CVE-2011-1251
https://notcve.org/view.php?id=CVE-2011-1251
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "DOM Manipulation Memory Corruption Vulnerability." Microsoft Internet Explorer 8 no maneja adecuadamente los objetos en memoria, lo que permite a atacantes remotos ejecutar código de su elección accediendo a un objeto que (1) no haya sido iniciado adecuadamente o (2) es eliminado. También se conoce como "Vulnerabilidad de Corrupción de Memoria en la Manipulación DOM" • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-050 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12326 • CWE-908: Use of Uninitialized Resource •
CVSS: 9.3EPSS: 30%CPEs: 22EXPL: 0CVE-2011-1254
https://notcve.org/view.php?id=CVE-2011-1254
Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Drag and Drop Memory Corruption Vulnerability." Microsoft Internet Explorer v6 a la v8 no manejan adecuadamente los objetos en memoria, lo que permite a atacantes remotos ejecutar código de su elección accediendo a un objeto que (1) no ha sido iniciado adecuadamente o (2) es borrado. • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-050 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12368 • CWE-908: Use of Uninitialized Resource •
CVSS: 4.3EPSS: 0%CPEs: 22EXPL: 0CVE-2011-1258
https://notcve.org/view.php?id=CVE-2011-1258
Microsoft Internet Explorer 6 through 8 does not properly restrict web script, which allows user-assisted remote attackers to obtain sensitive information from a different (1) domain or (2) zone via vectors involving a drag-and-drop operation, aka "Drag and Drop Information Disclosure Vulnerability." Microsoft Internet Explorer 6 hasta la 8, no restringe correctamente el script web, permitiendo a atacantes remotos asistidos por el usuario obtener información confidencial de otro (1) dominio o (2) zona a través de vectores que implican una operación de "arrastrar y soltar", también conocido como "Vulnerabilidad de revelación de información de arrastrar y soltar" • http://blogs.technet.com/b/msrc/archive/2011/06/09/june-advance-notification-service-and-10-immutable-laws-revisited.aspx https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-050 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12495 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 4.3EPSS: 93%CPEs: 34EXPL: 0CVE-2011-1252 – Microsoft Internet Explorer toStaticHTML Information Disclosure
https://notcve.org/view.php?id=CVE-2011-1252
Cross-site scripting (XSS) vulnerability in the SafeHTML function in the toStaticHTML API in Microsoft Internet Explorer 7 and 8, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified strings, aka "toStaticHTML Information Disclosure Vulnerability" or "HTML Sanitization Vulnerability." Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS)en toStaticHTML API en Microsoft Internet Explorer v7 y v8, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de cadenas no especificadas. Microsoft Internet Explorer versions 8 and 9 can have the toStaticHTML function bypassed by a specially formed CSS. • http://www.us-cert.gov/cas/techalerts/TA11-256A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-050 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12577 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12885 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •