CVE-2011-1346 – Microsoft Internet Explorer Uninitialized Variable Information Leak Vulnerability
https://notcve.org/view.php?id=CVE-2011-1346
Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Stephen Fewer as the second of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.
This vulnerability allows remote attackers to leak information on vulnerable installations of Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw is in Internet Explorer and allows malicious users to leak information about the memory layout of an Internet Explorer process. When creating a new 'Option' HTML Element, the 'index' field of the object is not set to zero and can be used to leak the location of the global variable table.
• http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011
• http://twitter.com/aaronportnoy/statuses/45642180118855680
• http://twitter.com/msftsecresponse/statuses/45646985998516224
• http://www.computerworld.com/s/article/9214002/Safari_IE_hacked_first_at_Pwn2Own
• http://www.securityfocus.com/bid/46821
• http://www.zdnet.com/blog/security/pwn2own-2011-ie8-on-windows-7-hijacked-with-3-vulnerabilities/8367
• https://exchange.xforce.ibmcloud.com/vulnerabilities/66063
• https://threatpost.com/en_us/blogs/pwn2own-w
CVE-2011-1345 – Microsoft Internet Explorer onPropertyChange Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-1345
Microsoft Internet Explorer 6, 7, and 8 do not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, as demonstrated by Stephen Fewer as the first of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011, aka "Object Management Memory Corruption Vulnerability."
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Internet Explorer handles onPropertyChange function calls. When the onPropertyChange event handler is set to an object's attribute collection, it fails to keep an accurate reference counter to the event object.
• http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011
• http://twitter.com/aaronportnoy/statuses/45642180118855680
• http://twitter.com/msftsecresponse/statuses/45646985998516224
• http://www.computerworld.com/s/article/9214002/Safari_IE_hacked_first_at_Pwn2Own
• http://www.securityfocus.com/bid/46821
• http://www.securitytracker.com/id?1025327
• http://www.us-cert.gov/cas/techalerts/TA11-102A.html
• http://www.zdnet.com/blog/security/pwn2own-2011-ie8-on-windows-7-hijacked-with-3-vulnerabilities/8367
• h
CVE-2011-1347 – Microsoft Internet Explorer Protected Mode Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2011-1347
Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to bypass Protected Mode and create arbitrary files by leveraging access to a Low integrity process, as demonstrated by Stephen Fewer as the third of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.
This vulnerability allows remote attackers to escape Protected Mode on vulnerable installations of Internet Explorer. Internet Explorer Protected Mode consists of a Medium Integrity and a Low Integrity process. The Low Integrity process is only allowed to write to special Low Integrity locations. Files written there are marked as Low Integrity files.
• http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011
• http://twitter.com/aaronportnoy/statuses/45642180118855680
• http://twitter.com/msftsecresponse/statuses/45646985998516224
• http://www.computerworld.com/s/article/9214002/Safari_IE_hacked_first_at_Pwn2Own
• http://www.securityfocus.com/bid/46821
• http://www.zdnet.com/blog/security/pwn2own-2011-ie8-on-windows-7-hijacked-with-3-vulnerabilities/8367
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-057
• https://exchange.xfor
CVE-2011-0035
https://notcve.org/view.php?id=CVE-2011-0035
Microsoft Internet Explorer 6, 7, and 8 do not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2010-2556 and CVE-2011-0036.
• http://osvdb.org/70831
• http://support.avaya.com/css/P8/documents/100127294
• http://www.securityfocus.com/bid/46157
• http://www.securitytracker.com/id?1025038
• http://www.vupen.com/english/advisories/2011/0318
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-003
• https://exchange.xforce.ibmcloud.com/vulnerabilities/64911
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12371
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2011-0036
https://notcve.org/view.php?id=CVE-2011-0036
Microsoft Internet Explorer 6, 7, and 8 do not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, related to a "dangling pointer," aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2010-2556 and CVE-2011-0035.
• http://osvdb.org/70832
• http://support.avaya.com/css/P8/documents/100127294
• http://www.securityfocus.com/bid/46158
• http://www.securitytracker.com/id?1025038
• http://www.vupen.com/english/advisories/2011/0318
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-003
• https://exchange.xforce.ibmcloud.com/vulnerabilities/64912
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12261
• CWE-94: Improper Control of Generation of Code ('Code Injection')