CVSS: 9.3EPSS: 91%CPEs: 39EXPL: 0CVE-2010-3331
https://notcve.org/view.php?id=CVE-2010-3331
13 Oct 2010 — Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory in certain circumstances involving use of Microsoft Word to read Word documents, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." Microsoft Internet Explorer 6 hasta 8 no maneja adecuadamente objetos en memoria en ciertas circunstancias involucrando el uso de... • http://support.avaya.com/css/P8/documents/100113324 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.3EPSS: 36%CPEs: 40EXPL: 1CVE-2010-3325 – Microsoft Internet Explorer 7/8 - CSS Handling Cross Domain Information Disclosure
https://notcve.org/view.php?id=CVE-2010-3325
13 Oct 2010 — Microsoft Internet Explorer 6 through 8 does not properly handle unspecified special characters in Cascading Style Sheets (CSS) documents, which allows remote attackers to obtain sensitive information from a different (1) domain or (2) zone via a crafted web site, aka "CSS Special Character Information Disclosure Vulnerability." Microsoft Internet Explorer v6 hasta v8 no controla correctamente los caracteres especiales no especificados en las Hojas de Estilo en Cascada (CSS), lo que permite a atacantes remo... • https://www.exploit-db.com/exploits/34602 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 81%CPEs: 26EXPL: 0CVE-2010-3328 – Microsoft Internet Explorer Stylesheet PrivateFind Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-3328
12 Oct 2010 — Use-after-free vulnerability in the CAttrArray::PrivateFind function in mshtml.dll in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code by setting an unspecified property of a stylesheet object, aka "Uninitialized Memory Corruption Vulnerability." Vulnerabilidad de Uso de la Memoria Previamente Liberada en la función CAttrArray::PrivateFind en la biblioteca mshtml.dll en Microsoft Internet Explorer versión 6 hasta la versión 8 permite a los atacantes remotos ejecutar ... • http://support.avaya.com/css/P8/documents/100113324 • CWE-416: Use After Free •
CVSS: 4.3EPSS: 14%CPEs: 40EXPL: 0CVE-2010-1258
https://notcve.org/view.php?id=CVE-2010-1258
11 Aug 2010 — Microsoft Internet Explorer 6, 7, and 8 does not properly determine the origin of script code, which allows remote attackers to execute script in an unintended domain or security zone, and obtain sensitive information, via unspecified vectors, aka "Event Handler Cross-Domain Vulnerability." Microsoft Internet Explorer 6, 7 y 8, no determinan apropiadamente el origen de código script, lo que permite a atacantes remotos ejecutar código en un dominio o zona de seguridad no deseados y obtener información sensib... • http://www.us-cert.gov/cas/techalerts/TA10-222A.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 84%CPEs: 22EXPL: 0CVE-2010-2556
https://notcve.org/view.php?id=CVE-2010-2556
11 Aug 2010 — Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." Microsoft Internet Explorer 6,7 y 8 no manejan adecuadamente objetos en memoria, lo que permite a atacantes remotos ejecutar código accediendo a un objeto que (1) no está apropiadamente inicializado o (2) está... • http://www.us-cert.gov/cas/techalerts/TA10-222A.html • CWE-908: Use of Uninitialized Resource •
CVSS: 9.3EPSS: 11%CPEs: 22EXPL: 0CVE-2010-2558
https://notcve.org/view.php?id=CVE-2010-2558
11 Aug 2010 — Race condition in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to an object in memory, aka "Race Condition Memory Corruption Vulnerability." Condición de carrera en Microsoft Internet Explorer 6,7 y 8 permite a atacantes ejecutar código arbitrario o producir una denegación de servicio (corrupción de memoria) mediante vectores relacionados con un objeto en memoria. • http://www.us-cert.gov/cas/techalerts/TA10-222A.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.3EPSS: 52%CPEs: 22EXPL: 0CVE-2010-2560
https://notcve.org/view.php?id=CVE-2010-2560
11 Aug 2010 — Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Layout Memory Corruption Vulnerability." Microsoft Internet Explorer v6, v7, y v8 no maneja adecuadamente objetos en memoria, lo que permite a atacantes remotos ejecutar código de su elección aceediendo al objeto que (1) que no fue inicializado (2) es ... • http://www.us-cert.gov/cas/techalerts/TA10-222A.html • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 80%CPEs: 43EXPL: 0CVE-2010-1259
https://notcve.org/view.php?id=CVE-2010-1259
08 Jun 2010 — Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." Microsoft Internet Explorer v6 SP 1 y SP 2, v7 y v8 permite a atacantes remotos ejecutar código a su elección mediante el acceso a un objeto que (1) no se ha iniciado correctamente o (2) se ha eliminado, lo que lleva a la corrupción de memoria, ta... • http://osvdb.org/65215 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 84%CPEs: 43EXPL: 0CVE-2010-1262 – Microsoft Internet Explorer Stylesheet Array Removal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1262
08 Jun 2010 — Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, related to the CStyleSheet object and a free of the root container, aka "Memory Corruption Vulnerability." Microsoft Internet Explorer versión 6 SP1 y SP2, versión 7 y 8, permiten a los atacantes remotos ejecutar código arbitrario al acceder a un objeto que (1) no se inicializó de manera apropiada (... • http://support.avaya.com/css/P8/documents/100089747 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 18%CPEs: 27EXPL: 0CVE-2010-0488
https://notcve.org/view.php?id=CVE-2010-0488
31 Mar 2010 — Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 does not properly handle unspecified "encoding strings," which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site, aka "Post Encoding Information Disclosure Vulnerability." Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1 y 7 no maneja adecuadamente "cadenas de codificación" (encoding strings) no especificadas, lo que permite a atacantes remotos eludir la Política del Mismo Origen (Same Origin P... • http://jvn.jp/en/jp/JVN49467403/index.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-732: Incorrect Permission Assignment for Critical Resource •