CVE-2010-0805 – Microsoft Internet Explorer Tabular Data Control ActiveX Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0805
The Tabular Data Control (TDC) ActiveX control in Microsoft Internet Explorer 5.01 SP4, 6 on Windows XP SP2 and SP3, and 6 SP1 allows remote attackers to execute arbitrary code via a long URL (DataURL parameter) that triggers memory corruption in the CTDCCtl::SecurityCHeckDataURL function, aka "Memory Corruption Vulnerability." El control ActiveX de Tabular Data Control (TDC) en Internet Explorer de Microsoft versiones 5.01 SP4, 6 sobre Windows XP SP2 y SP3, y versión 6 SP1, permite a los atacantes remotos ejecutar código arbitrario por medio de una URL larga (parámetro DataURL) que desencadena corrupción de memoria en la función CTDCCtl::SecurityCHeckDataURL, también se conoce como "Memory Corruption Vulnerability". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer 6. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the Tabular Data Control ActiveX module. Specifically, if provided a malicious DataURL parameter a stack corruption may occur in the function CTDCCtl::SecurityCHeckDataURL. • https://www.exploit-db.com/exploits/12032 https://www.exploit-db.com/exploits/16567 http://securitytracker.com/id?1023773 http://www.securityfocus.com/archive/1/510507/100/0/threaded http://www.securityfocus.com/bid/39025 http://www.us-cert.gov/cas/techalerts/TA10-068A.html http://www.us-cert.gov/cas/techalerts/TA10-089A.html http://www.vupen.com/english/advisories/2010/0744 http://www.zerodayinitiative.com/advisories/ZDI-10-034 https://docs.microsoft.com/en-us/ • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2010-0491
https://notcve.org/view.php?id=CVE-2010-0491
Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 6 SP1 allows remote attackers to execute arbitrary code by changing unspecified properties of an HTML object that has an onreadystatechange event handler, aka "HTML Object Memory Corruption Vulnerability." Vulnerabilidad de uso despues de liberación en Microsoft Internet Explorer 5.01 SP4, 6 y 6 SP1, permite a atacantes remotos ejecutar código de su elección cambiando propiedades no especificadas de un objeto HTML que tiene un gestor de evento "onreadystatechange", también conocido como "HTML Object Memory Corruption Vulnerability." • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=864 http://securitytracker.com/id?1023773 http://www.securityfocus.com/bid/39027 http://www.us-cert.gov/cas/techalerts/TA10-068A.html http://www.us-cert.gov/cas/techalerts/TA10-089A.html http://www.vupen.com/english/advisories/2010/0744 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8421 • CWE-399: Resource Management Errors •
CVE-2010-1175 – Microsoft Internet Explorer - XML Parsing Buffer Overflow
https://notcve.org/view.php?id=CVE-2010-1175
Microsoft Internet Explorer 7.0 on Windows XP and Windows Server 2003 allows remote attackers to have an unspecified impact via a certain XML document that references a crafted web site in the SRC attribute of an image element, related to a "0day Vulnerability." Microsoft Internet Explorer v7.0 en Windows XP y Windows Server 2003 permite a atacantes remotos tener un impacto sin especificar a través de ciertos documentos XML que hacen referencia a sitios web modificados en el atributo SRC de un elemento image. Relacionado con una "0day Vulnerability" (vulnerabilidad sin parchear). • https://www.exploit-db.com/exploits/7477 http://www.securityfocus.com/archive/1/510280/100/0/threaded •
CVE-2010-1127
https://notcve.org/view.php?id=CVE-2010-1127
Microsoft Internet Explorer 6 and 7 does not initialize certain data structures during execution of the createElement method, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted JavaScript code, as demonstrated by setting the (1) outerHTML or (2) value property of an object returned by createElement. Microsoft Internet Explorer 6 y 7 no inicializan ciertas estructuras durante la ejecución del método createElement, lo que permite a atacantes remotos provocar una denegación de servicio (desreferenciación de puntero nulo y caída de aplicación) a través de código JavaScript, como se demostró fijando el valor de (1) outerHTML o (2) propiedad valor de un objeto devuelto por createElement. • http://archives.neohapsis.com/archives/bugtraq/2010-01/0237.html http://archives.neohapsis.com/archives/bugtraq/2010-01/0278.html http://securityreason.com/exploitalert/7731 •
CVE-2010-1118
https://notcve.org/view.php?id=CVE-2010-1118
Unspecified vulnerability in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a use-after-free issue, as demonstrated by Peter Vreugdenhil during a Pwn2Own competition at CanSecWest 2010. Vulnerabilidad no especificada en Internet Explorer 8 en Microsoft Windows 7 permite a atacantes remotos ejecutar código de su elección a través de vectores desconocidos, puede que esté relacionado con un problema de uso después de la liberación (use-after-free), como ha demostrado Peter Vreugdenhil en la competición Pwn2Own de CanSecWest 2010. • http://dvlabs.tippingpoint.com/blog/2010/02/15/pwn2own-2010 http://news.cnet.com/8301-27080_3-20001126-245.html http://twitter.com/thezdi/statuses/11003801960 http://vreugdenhilresearch.nl/Pwn2Own-2010-Windows7-InternetExplorer8.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/57197 •