CVSS: 9.3EPSS: 95%CPEs: 23EXPL: 1CVE-2011-1996 – Internet Explorer Select Element Cache Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-1996
12 Oct 2011 — Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Option Element Remote Code Execution Vulnerability." Microsoft Internet Explorer v6 y v8, no tratan correctamente los objetos en la memoria, lo que permite a atacantes remotos ejecutar código de su elección accediendo a un objeto eliminado. También conocida como "vulnerabilidad de ejecución remota de código a través del elemento Optio... • https://www.exploit-db.com/exploits/24020 •
CVSS: 8.1EPSS: 17%CPEs: 23EXPL: 0CVE-2011-1257
https://notcve.org/view.php?id=CVE-2011-1257
10 Aug 2011 — Race condition in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors involving access to an object, aka "Window Open Race Condition Vulnerability." Condición de carrera en Microsoft Internet Explorer de la v6 a la v8 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de vectores que involucran el acceso a un objeto, también conocido como... • http://www.us-cert.gov/cas/techalerts/TA11-221A.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 4.3EPSS: 0%CPEs: 30EXPL: 0CVE-2011-1962
https://notcve.org/view.php?id=CVE-2011-1962
10 Aug 2011 — Microsoft Internet Explorer 6 through 9 does not properly handle unspecified character sequences, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site that triggers "inactive filtering," aka "Shift JIS Character Encoding Vulnerability." Microsoft Internet Explorer 6 hasta la versión 9 no maneja apropiadamente secuencias de caracteres sin especificar, lo que permite a atacantes remotos leer contenido de un diferente (1) dominio o (2) zona a través de un... • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-057 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 91%CPEs: 30EXPL: 0CVE-2011-1961
https://notcve.org/view.php?id=CVE-2011-1961
10 Aug 2011 — The telnet URI handler in Microsoft Internet Explorer 6 through 9 does not properly launch the handler application, which allows remote attackers to execute arbitrary programs via a crafted web site, aka "Telnet Handler Remote Code Execution Vulnerability." El manejador de URIs de telnet en Microsoft Internet Explorer 6 hasta la versión 9 no ejecuta apropiadamente la aplicación asignada, lo que permite a atacantes remotos ejecutar programas arbitrarios a través de una página web modificada. También conocida... • http://jvn.jp/en/jp/JVN80404511/index.html •
CVSS: 7.5EPSS: 21%CPEs: 30EXPL: 0CVE-2011-1960
https://notcve.org/view.php?id=CVE-2011-1960
10 Aug 2011 — Microsoft Internet Explorer 6 through 9 does not properly implement JavaScript event handlers, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Event Handlers Information Disclosure Vulnerability." Microsoft Internet Explorer de la v6 a la v9 no aplica correctamente los controladores de eventos de JavaScript, que permiten a atacantes remotos acceder al contenido desde un diferente (1) dominio o (2) zona a través de código de script no ... • http://www.us-cert.gov/cas/techalerts/TA11-221A.html • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 6.1EPSS: 0%CPEs: 200EXPL: 1CVE-2011-2379
https://notcve.org/view.php?id=CVE-2011-2379
09 Aug 2011 — Cross-site scripting (XSS) vulnerability in Bugzilla 2.4 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4.12, 3.5.x, 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3, when Internet Explorer before 9 or Safari before 5.0.6 is used for Raw Unified mode, allows remote attackers to inject arbitrary web script or HTML via a crafted patch, related to content sniffing. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Bugzilla 2.4 hasta la versión 2.22.7, 3.0.x hasta la... • http://secunia.com/advisories/45501 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 91%CPEs: 26EXPL: 0CVE-2011-1963 – Microsoft Internet Explorer XSLT SetViewSlave Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-1963
09 Aug 2011 — Microsoft Internet Explorer 7 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "XSLT Memory Corruption Vulnerability." Microsoft Internet Explorer 7 hasta 9 no maneja adecuadamente objetos en memoria, lo que permite a atacantes remotos ejecutar código de su elección accediendo a objetos que (1) no fueron inicializados correctamente o (2) es eliminado, también conoc... • http://www.us-cert.gov/cas/techalerts/TA11-221A.html • CWE-908: Use of Uninitialized Resource •
CVSS: 9.8EPSS: 91%CPEs: 30EXPL: 0CVE-2011-1964 – Microsoft Internet Explorer 9 STYLE Object Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-1964
09 Aug 2011 — Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Style Object Memory Corruption Vulnerability." Microsoft Internet Explorer 6 hasta la versión 9 no maneja apropiadamente objetos en memoria, lo que permite a atacantes remotos ejecutar código arbitrario accediendo a un objeto que (1) no fue apropiadamente inicializado o (2) ha sido borr... • http://www.us-cert.gov/cas/techalerts/TA11-221A.html • CWE-908: Use of Uninitialized Resource •
CVSS: 9.8EPSS: 16%CPEs: 22EXPL: 0CVE-2011-1254
https://notcve.org/view.php?id=CVE-2011-1254
16 Jun 2011 — Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Drag and Drop Memory Corruption Vulnerability." Microsoft Internet Explorer v6 a la v8 no manejan adecuadamente los objetos en memoria, lo que permite a atacantes remotos ejecutar código de su elección accediendo a un objeto que (1) no ha sido iniciado adecuadamente o (2) es borrado. • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-050 • CWE-908: Use of Uninitialized Resource •
CVSS: 7.5EPSS: 9%CPEs: 22EXPL: 0CVE-2011-1258
https://notcve.org/view.php?id=CVE-2011-1258
16 Jun 2011 — Microsoft Internet Explorer 6 through 8 does not properly restrict web script, which allows user-assisted remote attackers to obtain sensitive information from a different (1) domain or (2) zone via vectors involving a drag-and-drop operation, aka "Drag and Drop Information Disclosure Vulnerability." Microsoft Internet Explorer 6 hasta la 8, no restringe correctamente el script web, permitiendo a atacantes remotos asistidos por el usuario obtener información confidencial de otro (1) dominio o (2) zona a tra... • http://blogs.technet.com/b/msrc/archive/2011/06/09/june-advance-notification-service-and-10-immutable-laws-revisited.aspx • CWE-668: Exposure of Resource to Wrong Sphere •