CVSS: 9.3EPSS: 97%CPEs: 29EXPL: 2CVE-2012-1889 – Microsoft XML Core Services Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2012-1889
Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. Microsoft XML Core Services 3.0, 4.0, 5.0, y 6.0 accede a localizaciones de memoria mal formadas, lo que permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web modificado. Microsoft XML Core Services contains a memory corruption vulnerability which could allow for remote code execution. • https://www.exploit-db.com/exploits/19186 https://github.com/whu-enjoy/CVE-2012-1889 http://technet.microsoft.com/security/advisory/2719615 http://www.us-cert.gov/cas/techalerts/TA12-174A.html http://www.us-cert.gov/cas/techalerts/TA12-192A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-043 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15195 • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 92%CPEs: 13EXPL: 0CVE-2012-0173
https://notcve.org/view.php?id=CVE-2012-0173
The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability," a different vulnerability than CVE-2012-0002. La implementación de Remote Desktop Protocol (RDP) en Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, y R2 SP1, y Windows 7 Gold y SP1 no procesa de forma correcta los paquetes en memoria, lo que permite a atacantes remotos ejecutar código, mediante el envío de paquetes RDP manipulados, que provocan acceso a un objeto que (1) no está inicializado de forma correcta o (2) ha sido eliminado, también conocido como "Remote Desktop Protocol Vulnerability," es una vulnerabilidad distinta a CVE-2012-0002. • http://www.us-cert.gov/cas/techalerts/TA12-164A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-036 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15116 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.3EPSS: 0%CPEs: 32EXPL: 0CVE-2012-1882
https://notcve.org/view.php?id=CVE-2012-1882
Microsoft Internet Explorer 6 through 9 does not block cross-domain scrolling events, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Scrolling Events Information Disclosure Vulnerability." Microsoft Internet Explorer 6 hasta 9 no bloquea eventos de desplazamiento de dominios cruzados, los cuales permiten a atacantes remotos leer contenido desde (1) un dominio o (2) zona a través de un sitio web manipulado, conocido también como "vulnerabilidad de publicación de información de eventos de desplazamiento" • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-037 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15367 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 26EXPL: 0CVE-2012-1873
https://notcve.org/view.php?id=CVE-2012-1873
Microsoft Internet Explorer 7 through 9 does not properly create and initialize string data, which allows remote attackers to obtain sensitive information from process memory via a crafted HTML document, aka "Null Byte Information Disclosure Vulnerability." Microsoft Internet Explorer v7 hasta v9 no crea ni inicializa las cadenas de datos de forma adecuada, lo que permite a atacantes remotos obtener información sensible de procesos de memoria a través de una documento HTML manipulado, también conocido como "Null Byte Information Disclosure Vulnerability." • http://www.us-cert.gov/cas/techalerts/TA12-164A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-037 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15026 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 87%CPEs: 33EXPL: 0CVE-2012-1855 – Microsoft .NET Framework Clipboard Unsafe Memory Access Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-1855
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly handle function pointers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Memory Access Vulnerability." Microsoft .NET Framework v2.0 SP2, v3.5, v3.5.1, v4, y v4.5 no maneja adecuadamente los punteros de función, lo que permite a atacantes remotos ejecutar código arbitrario a través de (1) una aplicación navegador XAML modificada (también conocida como XBAP) o (2) una aplicación basada en el framework .NET modificada, también conocida como "vulnerabilidad .NET Framework de acceso de memoria". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the .NET Framework. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within Microsoft .NET XAML Browser Application (XBAP) handling of Clipboard object data. It is possible to cause unsafe memory access within System.Windows.Forms.Clipboard, allowing an attacker to control the memory used by an object's native code. • http://www.us-cert.gov/cas/techalerts/TA12-164A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-038 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14717 • CWE-94: Improper Control of Generation of Code ('Code Injection') •