CVE-2012-1889 – Microsoft XML Core Services Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2012-1889
Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. Microsoft XML Core Services 3.0, 4.0, 5.0, y 6.0 accede a localizaciones de memoria mal formadas, lo que permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web modificado. Microsoft XML Core Services contains a memory corruption vulnerability which could allow for remote code execution. • https://www.exploit-db.com/exploits/19186 https://github.com/whu-enjoy/CVE-2012-1889 http://technet.microsoft.com/security/advisory/2719615 http://www.us-cert.gov/cas/techalerts/TA12-174A.html http://www.us-cert.gov/cas/techalerts/TA12-192A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-043 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15195 • CWE-787: Out-of-bounds Write •
CVE-2012-1874
https://notcve.org/view.php?id=CVE-2012-1874
Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows user-assisted remote attackers to execute arbitrary code by accessing a deleted object, aka "Developer Toolbar Remote Code Execution Vulnerability." Microsoft Internet Explorer v8 y v9 no gestionan de forma correcta objetos en memoria, lo que permite a atacantes remotos asistidos por usuarios locales ejecutar código intentando acceder a un objeto eliminado, también conocido como "Developer Toolbar Remote Code Execution Vulnerability." • http://www.us-cert.gov/cas/techalerts/TA12-164A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-037 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15425 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2012-1878 – Microsoft Internet Explorer OnBeforeDeactivate Event Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-1878
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnBeforeDeactivate Event Remote Code Execution Vulnerability." Microsoft Internet Explorer v6 hasta v9 no gestionan de forma correcta objetos en memoria, lo que permite a atacantes remotos ejecutar código accediendo a un objeto eliminado, también conocido como "OnBeforeDeactivate Event Remote Code Execution Vulnerability." This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Internet Explorer handles the onbeforedeactivate callback function for certain elements. During the execution of the onbeforedeactivate callback function it is possible to alter the DOM tree of the page which can lead to a use-after-free vulnerability when the function returns. • http://www.us-cert.gov/cas/techalerts/TA12-164A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-037 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15632 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2012-1879 – Microsoft Internet Explorer insertAdjacentText Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-1879
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access an undefined memory location, aka "insertAdjacentText Remote Code Execution Vulnerability." Microsoft Internet Explorer v6 hasta v9 no gestionan de forma correcta objetos en memoria, lo que permite a atacantes remotos ejecutar código intentado acceder a una posición de memoria no definida, también conocida como "OnRowsInserted Event Remote Code Execution Vulnerability." This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Internet Explorer handles repeated calls to insertAdjacentText. When the size of the element reaches a certain threshold Internet Explorer fails to correctly relocate key elements. • http://www.us-cert.gov/cas/techalerts/TA12-164A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-037 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15588 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2012-1855 – Microsoft .NET Framework Clipboard Unsafe Memory Access Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-1855
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly handle function pointers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Memory Access Vulnerability." Microsoft .NET Framework v2.0 SP2, v3.5, v3.5.1, v4, y v4.5 no maneja adecuadamente los punteros de función, lo que permite a atacantes remotos ejecutar código arbitrario a través de (1) una aplicación navegador XAML modificada (también conocida como XBAP) o (2) una aplicación basada en el framework .NET modificada, también conocida como "vulnerabilidad .NET Framework de acceso de memoria". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the .NET Framework. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within Microsoft .NET XAML Browser Application (XBAP) handling of Clipboard object data. It is possible to cause unsafe memory access within System.Windows.Forms.Clipboard, allowing an attacker to control the memory used by an object's native code. • http://www.us-cert.gov/cas/techalerts/TA12-164A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-038 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14717 • CWE-94: Improper Control of Generation of Code ('Code Injection') •