CVSS: 5.3EPSS: 26%CPEs: 40EXPL: 0CVE-2010-3327
https://notcve.org/view.php?id=CVE-2010-3327
13 Oct 2010 — The implementation of HTML content creation in Microsoft Internet Explorer 6 through 8 does not remove the Anchor element during pasting and editing, which might allow remote attackers to obtain sensitive deleted information by visiting a web page, aka "Anchor Element Information Disclosure Vulnerability." La aplicación de creación de contenido HTML en Microsoft Internet Explorer v6 y v8, no quita el elemento de anclaje (Anchor) durante la edición y el pegado, lo cual podría permitir a atacantes remotos obt... • http://support.avaya.com/css/P8/documents/100113324 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 20%CPEs: 40EXPL: 1CVE-2010-3325 – Microsoft Internet Explorer 7/8 - CSS Handling Cross Domain Information Disclosure
https://notcve.org/view.php?id=CVE-2010-3325
13 Oct 2010 — Microsoft Internet Explorer 6 through 8 does not properly handle unspecified special characters in Cascading Style Sheets (CSS) documents, which allows remote attackers to obtain sensitive information from a different (1) domain or (2) zone via a crafted web site, aka "CSS Special Character Information Disclosure Vulnerability." Microsoft Internet Explorer v6 hasta v8 no controla correctamente los caracteres especiales no especificados en las Hojas de Estilo en Cascada (CSS), lo que permite a atacantes remo... • https://www.exploit-db.com/exploits/34602 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 24%CPEs: 39EXPL: 0CVE-2010-3330
https://notcve.org/view.php?id=CVE-2010-3330
13 Oct 2010 — Microsoft Internet Explorer 6 through 8 does not properly restrict script access to content from a different (1) domain or (2) zone, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Cross-Domain Information Disclosure Vulnerability." Microsoft Internet Explorer v6 hasta v8 no restringe adecuadamante el acceso de secuencia de comandos para el contenido de (1)un dominio o (2) zona diferente, lo que permite a atacantes remoto obtener información sensible a través de un... • http://support.avaya.com/css/P8/documents/100113324 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 57%CPEs: 39EXPL: 0CVE-2010-3331
https://notcve.org/view.php?id=CVE-2010-3331
13 Oct 2010 — Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory in certain circumstances involving use of Microsoft Word to read Word documents, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." Microsoft Internet Explorer 6 hasta 8 no maneja adecuadamente objetos en memoria en ciertas circunstancias involucrando el uso de... • http://support.avaya.com/css/P8/documents/100113324 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 55%CPEs: 26EXPL: 0CVE-2010-3328 – Microsoft Internet Explorer Stylesheet PrivateFind Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-3328
12 Oct 2010 — Use-after-free vulnerability in the CAttrArray::PrivateFind function in mshtml.dll in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code by setting an unspecified property of a stylesheet object, aka "Uninitialized Memory Corruption Vulnerability." Vulnerabilidad de Uso de la Memoria Previamente Liberada en la función CAttrArray::PrivateFind en la biblioteca mshtml.dll en Microsoft Internet Explorer versión 6 hasta la versión 8 permite a los atacantes remotos ejecutar ... • http://support.avaya.com/css/P8/documents/100113324 • CWE-416: Use After Free •
CVSS: 4.3EPSS: 24%CPEs: 40EXPL: 0CVE-2010-1258
https://notcve.org/view.php?id=CVE-2010-1258
11 Aug 2010 — Microsoft Internet Explorer 6, 7, and 8 does not properly determine the origin of script code, which allows remote attackers to execute script in an unintended domain or security zone, and obtain sensitive information, via unspecified vectors, aka "Event Handler Cross-Domain Vulnerability." Microsoft Internet Explorer 6, 7 y 8, no determinan apropiadamente el origen de código script, lo que permite a atacantes remotos ejecutar código en un dominio o zona de seguridad no deseados y obtener información sensib... • http://www.us-cert.gov/cas/techalerts/TA10-222A.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 57%CPEs: 22EXPL: 0CVE-2010-2556
https://notcve.org/view.php?id=CVE-2010-2556
11 Aug 2010 — Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." Microsoft Internet Explorer 6,7 y 8 no manejan adecuadamente objetos en memoria, lo que permite a atacantes remotos ejecutar código accediendo a un objeto que (1) no está apropiadamente inicializado o (2) está... • http://www.us-cert.gov/cas/techalerts/TA10-222A.html • CWE-908: Use of Uninitialized Resource •
CVSS: 9.3EPSS: 21%CPEs: 22EXPL: 0CVE-2010-2558
https://notcve.org/view.php?id=CVE-2010-2558
11 Aug 2010 — Race condition in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to an object in memory, aka "Race Condition Memory Corruption Vulnerability." Condición de carrera en Microsoft Internet Explorer 6,7 y 8 permite a atacantes ejecutar código arbitrario o producir una denegación de servicio (corrupción de memoria) mediante vectores relacionados con un objeto en memoria. • http://www.us-cert.gov/cas/techalerts/TA10-222A.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.3EPSS: 55%CPEs: 22EXPL: 0CVE-2010-2560
https://notcve.org/view.php?id=CVE-2010-2560
11 Aug 2010 — Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Layout Memory Corruption Vulnerability." Microsoft Internet Explorer v6, v7, y v8 no maneja adecuadamente objetos en memoria, lo que permite a atacantes remotos ejecutar código de su elección aceediendo al objeto que (1) que no fue inicializado (2) es ... • http://www.us-cert.gov/cas/techalerts/TA10-222A.html • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 58%CPEs: 43EXPL: 0CVE-2010-1259
https://notcve.org/view.php?id=CVE-2010-1259
08 Jun 2010 — Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." Microsoft Internet Explorer v6 SP 1 y SP 2, v7 y v8 permite a atacantes remotos ejecutar código a su elección mediante el acceso a un objeto que (1) no se ha iniciado correctamente o (2) se ha eliminado, lo que lleva a la corrupción de memoria, ta... • http://osvdb.org/65215 • CWE-94: Improper Control of Generation of Code ('Code Injection') •