CVSS: 5.8EPSS: 7%CPEs: 22EXPL: 0CVE-2011-1244
https://notcve.org/view.php?id=CVE-2011-1244
13 Apr 2011 — Microsoft Internet Explorer 6, 7, and 8 does not enforce intended domain restrictions on content access, which allows remote attackers to obtain sensitive information or conduct clickjacking attacks via a crafted web site, aka "Frame Tag Information Disclosure Vulnerability." Microsoft Internet Explorer 6, 7 y 8 no realiza las restricciones de dominio pretendidas cuando se accede a los contenidos. Esto permite a atacantes remotos obtener información sensible o provocar ataques de clickjacking a través de un... • http://osvdb.org/71777 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 9.3EPSS: 43%CPEs: 40EXPL: 0CVE-2011-0035
https://notcve.org/view.php?id=CVE-2011-0035
10 Feb 2011 — Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2010-2556 and CVE-2011-0036. Microsoft Internet Explorer 6, 7, y 8 no maneja adecuadamente objetos en memoria, lo que permite que atacantes remotos ejecuten código de su elec... • http://osvdb.org/70831 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 43%CPEs: 40EXPL: 0CVE-2011-0036
https://notcve.org/view.php?id=CVE-2011-0036
10 Feb 2011 — Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, related to a "dangling pointer," aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2010-2556 and CVE-2011-0035. Microsoft Internet Explorer 6, 7 y 8 no controlan correctamente los objetos en la memoria, lo que permite a atac... • http://osvdb.org/70832 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 55%CPEs: 40EXPL: 0CVE-2011-0346
https://notcve.org/view.php?id=CVE-2011-0346
07 Jan 2011 — Use-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the DOM implementation and the BreakAASpecial and BreakCircularMemoryReferences functions, as demonstrated by cross_fuzz, aka "MSHTML Memory Corruption Vulnerability." Vulnerabilidad de Uso de la Memoria Previamente Liberada en la función ReleaseInterface de la bibliotec... • http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0698.html • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVSS: 9.3EPSS: 85%CPEs: 2EXPL: 9CVE-2010-3971 – Microsoft Internet Explorer 8 - CSS Parser Denial of Service
https://notcve.org/view.php?id=CVE-2010-3971
22 Dec 2010 — Use-after-free vulnerability in the CSharedStyleSheet::Notify function in the Cascading Style Sheets (CSS) parser in mshtml.dll, as used in Microsoft Internet Explorer 6 through 8 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a self-referential @import rule in a stylesheet, aka "CSS Memory Corruption Vulnerability." Vulnerabilidad de uso después de liberación en la función CSharedStyleSheet::Notify en el parseado Cascading Style Sh... • https://www.exploit-db.com/exploits/15708 • CWE-399: Resource Management Errors •
CVSS: 6.5EPSS: 28%CPEs: 14EXPL: 0CVE-2010-3342
https://notcve.org/view.php?id=CVE-2010-3342
16 Dec 2010 — Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of cached content as HTML, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Cross-Domain Information Disclosure Vulnerability," a different vulnerability than CVE-2010-3348. Microsoft Internet Explorer 6, 7 y 8 no previene el renderizado del contenido cacheado como HTML, lo que permite a atacantes remotos acceder al contenido a través de un (1)dominio distinto o (2) zon... • http://www.securitytracker.com/id?1024872 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 28%CPEs: 22EXPL: 0CVE-2010-3348
https://notcve.org/view.php?id=CVE-2010-3348
16 Dec 2010 — Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of cached content as HTML, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Cross-Domain Information Disclosure Vulnerability," a different vulnerability than CVE-2010-3342. Microsoft Internet Explorer 6, 7 y 8 no previene el renderizado del contenido cacheado como HTML, lo que permite a atacantes remotos acceder al contenido a través de un (1)dominio distinto o (2) zon... • http://www.securitytracker.com/id?1024872 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 61%CPEs: 22EXPL: 0CVE-2010-3346 – Microsoft Internet Explorer HTML+Time Element outerText Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-3346
14 Dec 2010 — Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability." Microsoft Internet Explorer 6, 7 y 8 no manejan correctamente los objetos en memoria, permitiendo a atacantes remotos ejecutar código arbitrario mediante el acceso a un objeto que (1) no se ha iniciado correcta... • http://www.securitytracker.com/id?1024872 • CWE-908: Use of Uninitialized Resource •
CVSS: 9.8EPSS: 90%CPEs: 22EXPL: 5CVE-2010-3962 – Microsoft Internet Explorer - Memory Corruption
https://notcve.org/view.php?id=CVE-2010-3962
05 Nov 2010 — Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010. La vulnerabilidad de Uso de la Memoria Previamente Liberada en Microsoft Internet Explorer versiones 6, 7 y 8 permite a los atacantes remotos ejecutar código arbitra... • https://www.exploit-db.com/exploits/15418 • CWE-416: Use After Free •
CVSS: 5.3EPSS: 26%CPEs: 40EXPL: 0CVE-2010-3327
https://notcve.org/view.php?id=CVE-2010-3327
13 Oct 2010 — The implementation of HTML content creation in Microsoft Internet Explorer 6 through 8 does not remove the Anchor element during pasting and editing, which might allow remote attackers to obtain sensitive deleted information by visiting a web page, aka "Anchor Element Information Disclosure Vulnerability." La aplicación de creación de contenido HTML en Microsoft Internet Explorer v6 y v8, no quita el elemento de anclaje (Anchor) durante la edición y el pegado, lo cual podría permitir a atacantes remotos obt... • http://support.avaya.com/css/P8/documents/100113324 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •