CVSS: 10.0EPSS: 61%CPEs: 22EXPL: 0CVE-2010-3346 – Microsoft Internet Explorer HTML+Time Element outerText Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-3346
14 Dec 2010 — Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability." Microsoft Internet Explorer 6, 7 y 8 no manejan correctamente los objetos en memoria, permitiendo a atacantes remotos ejecutar código arbitrario mediante el acceso a un objeto que (1) no se ha iniciado correcta... • http://www.securitytracker.com/id?1024872 • CWE-908: Use of Uninitialized Resource •
CVSS: 7.8EPSS: 8%CPEs: 9EXPL: 4CVE-2010-4398 – Microsoft Windows Kernel Stack-Based Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2010-4398
03 Dec 2010 — Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control (UAC) feature, via a crafted REG_BINARY value for a SystemDefaultEUDCFont registry key, aka "Driver Improper Interaction with Windows Kernel Vulnerability." Desbordamiento de buffer basado en pila en la función Rtl... • https://www.exploit-db.com/exploits/15609 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 90%CPEs: 22EXPL: 5CVE-2010-3962 – Microsoft Internet Explorer - Memory Corruption
https://notcve.org/view.php?id=CVE-2010-3962
05 Nov 2010 — Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010. La vulnerabilidad de Uso de la Memoria Previamente Liberada en Microsoft Internet Explorer versiones 6, 7 y 8 permite a los atacantes remotos ejecutar código arbitra... • https://www.exploit-db.com/exploits/15418 • CWE-416: Use After Free •
CVSS: 9.3EPSS: 60%CPEs: 28EXPL: 1CVE-2010-2745 – Mozilla Firefox 3.5.10/3.6.6 - 'WMP' Memory Corruption Using Popups
https://notcve.org/view.php?id=CVE-2010-2745
13 Oct 2010 — Microsoft Windows Media Player (WMP) 9 through 12 does not properly deallocate objects during a browser reload action, which allows user-assisted remote attackers to execute arbitrary code via crafted media content referenced in an HTML document, aka "Windows Media Player Memory Corruption Vulnerability." Microsoft Windows Media Player (WMP) v9 hasta v12 no asigna adecuadamente ojetos durante la acción de recarga de buscador, lo que permite a atacantes asistidos por usuarios remotos ejecutar código de su el... • https://www.exploit-db.com/exploits/15242 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 70%CPEs: 16EXPL: 1CVE-2010-2746 – Microsoft Windows - Common Control Library 'Comctl32' Heap Overflow (MS10-081)
https://notcve.org/view.php?id=CVE-2010-2746
13 Oct 2010 — Heap-based buffer overflow in Comctl32.dll (aka the common control library) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when a third-party SVG viewer is used, allows remote attackers to execute arbitrary code via a crafted HTML document that triggers unspecified messages from this viewer, aka "Comctl32 Heap Overflow Vulnerability." Desbordamiento de búfer basado en memoria dinámica Comctl32.dll (también conoci... • https://www.exploit-db.com/exploits/15963 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 39%CPEs: 17EXPL: 0CVE-2010-3243
https://notcve.org/view.php?id=CVE-2010-3243
13 Oct 2010 — Cross-site scripting (XSS) vulnerability in the toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "HTML Sanitization Vulnerability." Una vulnerabilidad de ejecución de comandos en sitios cruzados en la función toStaticHTML en Microsoft Internet Explorer v8, y la función SafeHTML en Microsoft Windows... • http://support.avaya.com/css/P8/documents/100113324 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 63%CPEs: 33EXPL: 1CVE-2010-3329 – Microsoft Office - 'HtmlDlgHelper' Class Memory Corruption (MS10-071)
https://notcve.org/view.php?id=CVE-2010-3329
13 Oct 2010 — mshtmled.dll in Microsoft Internet Explorer 7 and 8 allows remote attackers to execute arbitrary code via a crafted Microsoft Office document that causes the HtmlDlgHelper class destructor to access uninitialized memory, aka "Uninitialized Memory Corruption Vulnerability." La biblioteca Mshtmled.dll en Microsoft Internet Explorer versiones 7 y 8 permite a los atacantes remotos ejecutar código arbitrario por medio de un documento de Microsoft Office creado que hace que el destructor de la clase HtmlDlgHelper... • https://www.exploit-db.com/exploits/15262 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 55%CPEs: 12EXPL: 0CVE-2010-3228
https://notcve.org/view.php?id=CVE-2010-3228
13 Oct 2010 — The JIT compiler in Microsoft .NET Framework 4.0 on 64-bit platforms does not properly perform optimizations, which allows remote attackers to execute arbitrary code via a crafted .NET application that triggers memory corruption, aka ".NET Framework x64 JIT Compiler Vulnerability." El Compilador JIT en Microsoft .NET Framework v4.0 en plataformas 64-bit no realiza adecuadamente optimizaciones, lo que permite a atacantes remotos ejecutar código de su elección a través de aplicaciones .NET manipuladas que ini... • http://www.us-cert.gov/cas/techalerts/TA10-285A.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 24%CPEs: 39EXPL: 0CVE-2010-3330
https://notcve.org/view.php?id=CVE-2010-3330
13 Oct 2010 — Microsoft Internet Explorer 6 through 8 does not properly restrict script access to content from a different (1) domain or (2) zone, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Cross-Domain Information Disclosure Vulnerability." Microsoft Internet Explorer v6 hasta v8 no restringe adecuadamante el acceso de secuencia de comandos para el contenido de (1)un dominio o (2) zona diferente, lo que permite a atacantes remoto obtener información sensible a través de un... • http://support.avaya.com/css/P8/documents/100113324 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 57%CPEs: 39EXPL: 0CVE-2010-3331
https://notcve.org/view.php?id=CVE-2010-3331
13 Oct 2010 — Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory in certain circumstances involving use of Microsoft Word to read Word documents, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." Microsoft Internet Explorer 6 hasta 8 no maneja adecuadamente objetos en memoria en ciertas circunstancias involucrando el uso de... • http://support.avaya.com/css/P8/documents/100113324 • CWE-94: Improper Control of Generation of Code ('Code Injection') •