CVSS: 9.3EPSS: 43%CPEs: 40EXPL: 0CVE-2011-0035
https://notcve.org/view.php?id=CVE-2011-0035
10 Feb 2011 — Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2010-2556 and CVE-2011-0036. Microsoft Internet Explorer 6, 7, y 8 no maneja adecuadamente objetos en memoria, lo que permite que atacantes remotos ejecuten código de su elec... • http://osvdb.org/70831 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 43%CPEs: 40EXPL: 0CVE-2011-0036
https://notcve.org/view.php?id=CVE-2011-0036
10 Feb 2011 — Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, related to a "dangling pointer," aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2010-2556 and CVE-2011-0035. Microsoft Internet Explorer 6, 7 y 8 no controlan correctamente los objetos en la memoria, lo que permite a atac... • http://osvdb.org/70832 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 55%CPEs: 40EXPL: 0CVE-2011-0346
https://notcve.org/view.php?id=CVE-2011-0346
07 Jan 2011 — Use-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the DOM implementation and the BreakAASpecial and BreakCircularMemoryReferences functions, as demonstrated by cross_fuzz, aka "MSHTML Memory Corruption Vulnerability." Vulnerabilidad de Uso de la Memoria Previamente Liberada en la función ReleaseInterface de la bibliotec... • http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0698.html • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVSS: 6.5EPSS: 28%CPEs: 14EXPL: 0CVE-2010-3342
https://notcve.org/view.php?id=CVE-2010-3342
16 Dec 2010 — Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of cached content as HTML, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Cross-Domain Information Disclosure Vulnerability," a different vulnerability than CVE-2010-3348. Microsoft Internet Explorer 6, 7 y 8 no previene el renderizado del contenido cacheado como HTML, lo que permite a atacantes remotos acceder al contenido a través de un (1)dominio distinto o (2) zon... • http://www.securitytracker.com/id?1024872 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 28%CPEs: 22EXPL: 0CVE-2010-3348
https://notcve.org/view.php?id=CVE-2010-3348
16 Dec 2010 — Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of cached content as HTML, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Cross-Domain Information Disclosure Vulnerability," a different vulnerability than CVE-2010-3342. Microsoft Internet Explorer 6, 7 y 8 no previene el renderizado del contenido cacheado como HTML, lo que permite a atacantes remotos acceder al contenido a través de un (1)dominio distinto o (2) zon... • http://www.securitytracker.com/id?1024872 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 54%CPEs: 22EXPL: 0CVE-2010-3340
https://notcve.org/view.php?id=CVE-2010-3340
16 Dec 2010 — Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability." Microsoft Internet Explorer 6 y 7 no controla correctamente los objetos en memoria, lo que permite a atacantes remotos ejecutar código de su elección mediante el acceso a un objeto que (1) no se ha iniciado correcta... • http://www.securitytracker.com/id?1024872 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 61%CPEs: 22EXPL: 0CVE-2010-3346 – Microsoft Internet Explorer HTML+Time Element outerText Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-3346
14 Dec 2010 — Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability." Microsoft Internet Explorer 6, 7 y 8 no manejan correctamente los objetos en memoria, permitiendo a atacantes remotos ejecutar código arbitrario mediante el acceso a un objeto que (1) no se ha iniciado correcta... • http://www.securitytracker.com/id?1024872 • CWE-908: Use of Uninitialized Resource •
CVSS: 9.8EPSS: 90%CPEs: 22EXPL: 5CVE-2010-3962 – Microsoft Internet Explorer - Memory Corruption
https://notcve.org/view.php?id=CVE-2010-3962
05 Nov 2010 — Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010. La vulnerabilidad de Uso de la Memoria Previamente Liberada en Microsoft Internet Explorer versiones 6, 7 y 8 permite a los atacantes remotos ejecutar código arbitra... • https://www.exploit-db.com/exploits/15418 • CWE-416: Use After Free •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2010-3985
https://notcve.org/view.php?id=CVE-2010-3985
26 Oct 2010 — Cross-site scripting (XSS) vulnerability in HP Operations Orchestration before 9.0, when Internet Explorer 6.0 is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS)en HP Operations Orchestration anterior v9.0, cuando usa Internet Explorer v6.0, permite a atacantes remotos inyectar código web o HTML de su elección a través de vectores no especificados. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02541822 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 29%CPEs: 10EXPL: 0CVE-2010-0808
https://notcve.org/view.php?id=CVE-2010-0808
13 Oct 2010 — Microsoft Internet Explorer 6 and 7 on Windows XP and Vista does not prevent script from simulating user interaction with the AutoComplete feature, which allows remote attackers to obtain sensitive form information via a crafted web site, aka "AutoComplete Information Disclosure Vulnerability." Microsoft Internet Explorer 6 y 7 en Windows XP y Vista no impide la secuencia de comandos simulando la interacción del usuario con la característica de AutoCompletado, lo que permite a atacantes remotos obtener info... • http://support.avaya.com/css/P8/documents/100113324 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •