CVSS: 6.5EPSS: 63%CPEs: 49EXPL: 1CVE-2010-0255
https://notcve.org/view.php?id=CVE-2010-0255
04 Feb 2010 — Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and read arbitrary files via vectors involving JavaScript exploit code that constructs a reference to a file://127.0.0.1 URL, aka the dynamic OBJECT tag vulnerability, as demonstrated by obtaining the data from an index.dat file, a variant of CVE-2009-1140 and related to CVE-2008-1448. Microsoft Internet Explorer v... • http://blogs.technet.com/msrc/archive/2010/02/03/security-advisory-980088-released.aspx • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 69%CPEs: 46EXPL: 1CVE-2010-0027 – Microsoft Windows ShellExecute Improper Sanitization Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0027
22 Jan 2010 — The URL validation functionality in Microsoft Internet Explorer 5.01, 6, 6 SP1, 7 and 8, and the ShellExecute API function in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, does not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a crafted URL, aka "URL Validation Vulnerability." La funcionalidad de validación de URL en Microsoft Internet Explorer versiones 5.01, 6, 6 SP1, 7 y 8, y la función de la API ShellExecute en Windows 2000 SP4, XP SP2 ... • https://www.exploit-db.com/exploits/33552 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 28%CPEs: 25EXPL: 0CVE-2010-0247
https://notcve.org/view.php?id=CVE-2010-0247
22 Jan 2010 — Microsoft Internet Explorer 5.01 SP4, 6, and 6 SP1 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." Microsoft Internet Explorer 5.01 SP4, 6 y 6 SP1 no maneja de manera apropiada los objetos en memoria lo que permite a atacantes remotos ejecutar código de su elección accediendo a un objeto que (1) ... • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-002 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 34%CPEs: 59EXPL: 0CVE-2010-0244 – Microsoft Internet Explorer Table Layout Col Tag Cache Update Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0244
21 Jan 2010 — Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-2530 and CVE-2009-2531. Microsoft Internet Explorer 6, 6 SP1, 7 y 8 no maneja de manera apropiada los objetos en memoria lo que permite a atacantes remotos ejecut... • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-002 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 80%CPEs: 59EXPL: 1CVE-2010-0248 – Microsoft Internet Explorer item Object Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0248
21 Jan 2010 — Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability." Microsoft Internet Explorer 6, 6 SP1, 7 y 8 no maneja de manera apropiada los objetos en memoria lo que permite a atacantes remotos ejecutar código de su elección accediendo a un objeto que (1) no fue cor... • https://www.exploit-db.com/exploits/18642 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-416: Use After Free •
CVSS: 9.3EPSS: 91%CPEs: 33EXPL: 4CVE-2010-0249 – Microsoft Internet Explorer - 'Aurora' Memory Corruption (MS10-002)
https://notcve.org/view.php?id=CVE-2010-0249
15 Jan 2010 — Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object, related to incorrectly initialized memory and improper handling of objects in memory, as exploited in the wild in December 2009 and January 2010 during Operation Aurora,... • https://www.exploit-db.com/exploits/16599 • CWE-416: Use After Free •
CVSS: 9.3EPSS: 57%CPEs: 37EXPL: 0CVE-2009-3673 – Microsoft Internet Explorer CSS Race Condition Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2009-3673
08 Dec 2009 — Microsoft Internet Explorer 7 and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." Microsoft Internet Explorer v7 and v8 no maneja adecuadamente los objetos en memoria, lo que permite a atacantes remotos ejecutar código de su elección accediendo a un objeto que (1) no fue adecuadamente inicializ... • http://www.securitytracker.com/id?1023293 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 61%CPEs: 37EXPL: 0CVE-2009-3674 – Microsoft Internet Explorer IFrame Attributes Circular Reference Dangling Pointer Vulnerability
https://notcve.org/view.php?id=CVE-2009-3674
08 Dec 2009 — Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671. Microsoft Internet Explorer 8 no maneja de manera apropiada objetos en memoria, lo que permite a atacantes remotos ejecutar código de su elección accediendo a un objeto que ... • http://www.securitytracker.com/id?1023293 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 58%CPEs: 37EXPL: 0CVE-2009-3671 – Microsoft Internet Explorer XHTML DOM Manipulation Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2009-3671
08 Dec 2009 — Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3674. Microsoft Internet Explorer no maneja adecuadamente objetos en memoria, lo que permite a atacantes remotos ejecutar código de su elección accediendo a un objeto que (1) no f... • http://www.securitytracker.com/id?1023293 • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVSS: 9.3EPSS: 79%CPEs: 32EXPL: 2CVE-2009-3672 – Microsoft Internet Explorer - Style getElementsByTagName Memory Corruption (MS09-072)
https://notcve.org/view.php?id=CVE-2009-3672
02 Dec 2009 — Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory that (1) were not properly initialized or (2) are deleted, which allows remote attackers to execute arbitrary code via vectors involving a call to the getElementsByTagName method for the STYLE tag name, selection of the single element in the returned list, and a change to the outerHTML property of this element, related to Cascading Style Sheets (CSS) and mshtml.dll, aka "HTML Object Memory Corruption Vulnerability." NOTE: some of... • https://www.exploit-db.com/exploits/16547 • CWE-94: Improper Control of Generation of Code ('Code Injection') •