CVSS: 9.3EPSS: 83%CPEs: 40EXPL: 0CVE-2011-0035
https://notcve.org/view.php?id=CVE-2011-0035
10 Feb 2011 — Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2010-2556 and CVE-2011-0036. Microsoft Internet Explorer 6, 7, y 8 no maneja adecuadamente objetos en memoria, lo que permite que atacantes remotos ejecuten código de su elec... • http://osvdb.org/70831 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 86%CPEs: 40EXPL: 0CVE-2011-0346
https://notcve.org/view.php?id=CVE-2011-0346
07 Jan 2011 — Use-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the DOM implementation and the BreakAASpecial and BreakCircularMemoryReferences functions, as demonstrated by cross_fuzz, aka "MSHTML Memory Corruption Vulnerability." Vulnerabilidad de Uso de la Memoria Previamente Liberada en la función ReleaseInterface de la bibliotec... • http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0698.html • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVSS: 6.5EPSS: 8%CPEs: 22EXPL: 0CVE-2010-3348
https://notcve.org/view.php?id=CVE-2010-3348
16 Dec 2010 — Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of cached content as HTML, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Cross-Domain Information Disclosure Vulnerability," a different vulnerability than CVE-2010-3342. Microsoft Internet Explorer 6, 7 y 8 no previene el renderizado del contenido cacheado como HTML, lo que permite a atacantes remotos acceder al contenido a través de un (1)dominio distinto o (2) zon... • http://www.securitytracker.com/id?1024872 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 8%CPEs: 14EXPL: 0CVE-2010-3342
https://notcve.org/view.php?id=CVE-2010-3342
16 Dec 2010 — Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of cached content as HTML, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Cross-Domain Information Disclosure Vulnerability," a different vulnerability than CVE-2010-3348. Microsoft Internet Explorer 6, 7 y 8 no previene el renderizado del contenido cacheado como HTML, lo que permite a atacantes remotos acceder al contenido a través de un (1)dominio distinto o (2) zon... • http://www.securitytracker.com/id?1024872 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 88%CPEs: 22EXPL: 0CVE-2010-3340
https://notcve.org/view.php?id=CVE-2010-3340
16 Dec 2010 — Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability." Microsoft Internet Explorer 6 y 7 no controla correctamente los objetos en memoria, lo que permite a atacantes remotos ejecutar código de su elección mediante el acceso a un objeto que (1) no se ha iniciado correcta... • http://www.securitytracker.com/id?1024872 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 66%CPEs: 22EXPL: 0CVE-2010-3346 – Microsoft Internet Explorer HTML+Time Element outerText Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-3346
14 Dec 2010 — Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability." Microsoft Internet Explorer 6, 7 y 8 no manejan correctamente los objetos en memoria, permitiendo a atacantes remotos ejecutar código arbitrario mediante el acceso a un objeto que (1) no se ha iniciado correcta... • http://www.securitytracker.com/id?1024872 • CWE-908: Use of Uninitialized Resource •
CVSS: 9.8EPSS: 97%CPEs: 22EXPL: 5CVE-2010-3962 – Microsoft Internet Explorer - Memory Corruption
https://notcve.org/view.php?id=CVE-2010-3962
05 Nov 2010 — Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010. La vulnerabilidad de Uso de la Memoria Previamente Liberada en Microsoft Internet Explorer versiones 6, 7 y 8 permite a los atacantes remotos ejecutar código arbitra... • https://www.exploit-db.com/exploits/15418 • CWE-416: Use After Free •
CVSS: 5.3EPSS: 1%CPEs: 40EXPL: 0CVE-2010-3327
https://notcve.org/view.php?id=CVE-2010-3327
13 Oct 2010 — The implementation of HTML content creation in Microsoft Internet Explorer 6 through 8 does not remove the Anchor element during pasting and editing, which might allow remote attackers to obtain sensitive deleted information by visiting a web page, aka "Anchor Element Information Disclosure Vulnerability." La aplicación de creación de contenido HTML en Microsoft Internet Explorer v6 y v8, no quita el elemento de anclaje (Anchor) durante la edición y el pegado, lo cual podría permitir a atacantes remotos obt... • http://support.avaya.com/css/P8/documents/100113324 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 68%CPEs: 39EXPL: 0CVE-2010-3330
https://notcve.org/view.php?id=CVE-2010-3330
13 Oct 2010 — Microsoft Internet Explorer 6 through 8 does not properly restrict script access to content from a different (1) domain or (2) zone, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Cross-Domain Information Disclosure Vulnerability." Microsoft Internet Explorer v6 hasta v8 no restringe adecuadamante el acceso de secuencia de comandos para el contenido de (1)un dominio o (2) zona diferente, lo que permite a atacantes remoto obtener información sensible a través de un... • http://support.avaya.com/css/P8/documents/100113324 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 2%CPEs: 10EXPL: 0CVE-2010-0808
https://notcve.org/view.php?id=CVE-2010-0808
13 Oct 2010 — Microsoft Internet Explorer 6 and 7 on Windows XP and Vista does not prevent script from simulating user interaction with the AutoComplete feature, which allows remote attackers to obtain sensitive form information via a crafted web site, aka "AutoComplete Information Disclosure Vulnerability." Microsoft Internet Explorer 6 y 7 en Windows XP y Vista no impide la secuencia de comandos simulando la interacción del usuario con la característica de AutoCompletado, lo que permite a atacantes remotos obtener info... • http://support.avaya.com/css/P8/documents/100113324 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •