CVE-2010-3343
https://notcve.org/view.php?id=CVE-2010-3343
Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability." Microsoft Internet Explorer 6 no controla correctamente los objetos en memoria, lo que permite a atacantes remotos ejecutar código de su elección mediante el acceso a un objeto que (1) no se ha iniciado correctamente o (2) se elimina, lo que lleva a la corrupción de memoria, también conocido como "Vulnerabilidad de corrupción de memoria de objetos HTML". • http://www.securitytracker.com/id?1024872 http://www.us-cert.gov/cas/techalerts/TA10-348A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12372 • CWE-908: Use of Uninitialized Resource •
CVE-2010-3340
https://notcve.org/view.php?id=CVE-2010-3340
Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability." Microsoft Internet Explorer 6 y 7 no controla correctamente los objetos en memoria, lo que permite a atacantes remotos ejecutar código de su elección mediante el acceso a un objeto que (1) no se ha iniciado correctamente o (2) se elimina, lo que lleva a la corrupción de memoria, también conocido como "Vulnerabilidad de daños en memoria de objetos HTML" • http://www.securitytracker.com/id?1024872 http://www.us-cert.gov/cas/techalerts/TA10-348A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12204 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2010-3345 – Microsoft Internet Explorer Recursive Select Element Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-3345
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability." Microsoft Internet Explorer 8 no maneja correctamente objetos en memoria, permitiendo a atacantes remotos ejecutar código arbitrario mediante el acceso a un objeto que (1) no se ha iniciado correctamente o (2) se ha eliminado, lo que genera una corrupción de memoria, también conocido como "Vulnerabilidad de corrupción de Memoria en un elemento HTML". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application's support for the select tag. Upon adding a particular element to the select tag, the application will free the contents of the select element and then use it. • http://www.securitytracker.com/id?1024872 http://www.us-cert.gov/cas/techalerts/TA10-348A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11849 • CWE-908: Use of Uninitialized Resource •
CVE-2010-3346 – Microsoft Internet Explorer HTML+Time Element outerText Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-3346
Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability." Microsoft Internet Explorer 6, 7 y 8 no manejan correctamente los objetos en memoria, permitiendo a atacantes remotos ejecutar código arbitrario mediante el acceso a un objeto que (1) no se ha iniciado correctamente o (2) es eliminado, lo que genera una corrupción de memoria, también conocido como "vulnerabilidad de corrupción de memoria en un elemento HTML." This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must be convinced of visiting a malicious page or opening a malicious file. The specific flaw exists within usage of a particular element that's part of the Timed Interactive Multimedia Extensions component of the browser. By removing an element referenced by a tag used for implementing an animation, the application can be made to access an element that has been previously freed. • http://www.securitytracker.com/id?1024872 http://www.us-cert.gov/cas/techalerts/TA10-348A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12322 • CWE-908: Use of Uninitialized Resource •
CVE-2010-3962 – Microsoft Internet Explorer - Memory Corruption
https://notcve.org/view.php?id=CVE-2010-3962
Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010. La vulnerabilidad de Uso de la Memoria Previamente Liberada en Microsoft Internet Explorer versiones 6, 7 y 8 permite a los atacantes remotos ejecutar código arbitrario por medio de vectores relacionados con secuencias de tokens de Hojas de Estilo en Cascada (CSS) y el atributo de clip, también se conoce como un problema "invalid flag reference" o "Uninitialized Memory Corruption Vulnerability," tal y como se explotó "in the wild" en noviembre 2010. • https://www.exploit-db.com/exploits/15418 https://www.exploit-db.com/exploits/15421 https://www.exploit-db.com/exploits/16551 http://blogs.technet.com/b/msrc/archive/2010/11/02/microsoft-releases-security-advisory-2458511.aspx http://secunia.com/advisories/42091 http://www.exploit-db.com/exploits/15418 http://www.exploit-db.com/exploits/15421 http://www.kb.cert.org/vuls/id/899748 http://www.microsoft.com/technet/security/advisory/2458511.mspx http://www.securityfocus • CWE-416: Use After Free •