CVSS: 10.0EPSS: 61%CPEs: 43EXPL: 0CVE-2010-1262 – Microsoft Internet Explorer Stylesheet Array Removal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1262
08 Jun 2010 — Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, related to the CStyleSheet object and a free of the root container, aka "Memory Corruption Vulnerability." Microsoft Internet Explorer versión 6 SP1 y SP2, versión 7 y 8, permiten a los atacantes remotos ejecutar código arbitrario al acceder a un objeto que (1) no se inicializó de manera apropiada (... • http://support.avaya.com/css/P8/documents/100089747 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 59%CPEs: 43EXPL: 0CVE-2010-0490
https://notcve.org/view.php?id=CVE-2010-0490
31 Mar 2010 — Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." Microsoft Internet Explorer 6, 6 SP1, 7 y 8 no maneja adecuadamente objetos en memoria, lo que permite a atacantes remotos ejecutar código de su elección mediante el acceso a un objeto que (1) no fue in... • http://securitytracker.com/id?1023773 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 46%CPEs: 45EXPL: 0CVE-2010-0494
https://notcve.org/view.php?id=CVE-2010-0494
31 Mar 2010 — Cross-domain vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted HTML document in a situation where the client user drags one browser window across another browser window, aka "HTML Element Cross-Domain Vulnerability." Vulnerabilidad de dominio cruzado en Microsoft Internet Explorer 6, 6 SP1, 7 y 8 permite a atacantes remotos asistidos por el usuario eludir la Polít... • http://securitytracker.com/id?1023773 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 26%CPEs: 26EXPL: 2CVE-2010-1127
https://notcve.org/view.php?id=CVE-2010-1127
26 Mar 2010 — Microsoft Internet Explorer 6 and 7 does not initialize certain data structures during execution of the createElement method, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted JavaScript code, as demonstrated by setting the (1) outerHTML or (2) value property of an object returned by createElement. Microsoft Internet Explorer 6 y 7 no inicializan ciertas estructuras durante la ejecución del método createElement, lo que permite a atacantes... • http://archives.neohapsis.com/archives/bugtraq/2010-01/0237.html •
CVSS: 7.8EPSS: 81%CPEs: 10EXPL: 6CVE-2010-0483 – Microsoft Internet Explorer - 'Winhlp32.exe' MsgBox Code Execution (MS10-023)
https://notcve.org/view.php?id=CVE-2010-0483
03 Mar 2010 — vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local pathname, (2) UNC share pathname, or (3) WebDAV server with a crafted .hlp file in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution involving winhlp32.exe when the F1 key is pressed, aka "VBScript Help Keypress Vulnerability." L... • https://www.exploit-db.com/exploits/16541 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 44%CPEs: 10EXPL: 3CVE-2010-0917
https://notcve.org/view.php?id=CVE-2010-0917
03 Mar 2010 — Stack-based buffer overflow in VBScript in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, might allow user-assisted remote attackers to execute arbitrary code via a long string in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution when the F1 key is pressed, a different vulnerability than CVE-2010-0483. Desbordamiento de búfer basado en pila en VBScript en Microsoft Windows 2000 SP4, XP SP2 y SP3 y Server 2003 SP2, ... • http://blogs.technet.com/msrc/archive/2010/03/01/security-advisory-981169-released.aspx • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 63%CPEs: 49EXPL: 1CVE-2010-0255
https://notcve.org/view.php?id=CVE-2010-0255
04 Feb 2010 — Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and read arbitrary files via vectors involving JavaScript exploit code that constructs a reference to a file://127.0.0.1 URL, aka the dynamic OBJECT tag vulnerability, as demonstrated by obtaining the data from an index.dat file, a variant of CVE-2009-1140 and related to CVE-2008-1448. Microsoft Internet Explorer v... • http://blogs.technet.com/msrc/archive/2010/02/03/security-advisory-980088-released.aspx • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 69%CPEs: 46EXPL: 1CVE-2010-0027 – Microsoft Windows ShellExecute Improper Sanitization Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0027
22 Jan 2010 — The URL validation functionality in Microsoft Internet Explorer 5.01, 6, 6 SP1, 7 and 8, and the ShellExecute API function in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, does not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a crafted URL, aka "URL Validation Vulnerability." La funcionalidad de validación de URL en Microsoft Internet Explorer versiones 5.01, 6, 6 SP1, 7 y 8, y la función de la API ShellExecute en Windows 2000 SP4, XP SP2 ... • https://www.exploit-db.com/exploits/33552 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 34%CPEs: 59EXPL: 0CVE-2010-0244 – Microsoft Internet Explorer Table Layout Col Tag Cache Update Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0244
21 Jan 2010 — Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-2530 and CVE-2009-2531. Microsoft Internet Explorer 6, 6 SP1, 7 y 8 no maneja de manera apropiada los objetos en memoria lo que permite a atacantes remotos ejecut... • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-002 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 80%CPEs: 59EXPL: 1CVE-2010-0248 – Microsoft Internet Explorer item Object Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0248
21 Jan 2010 — Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability." Microsoft Internet Explorer 6, 6 SP1, 7 y 8 no maneja de manera apropiada los objetos en memoria lo que permite a atacantes remotos ejecutar código de su elección accediendo a un objeto que (1) no fue cor... • https://www.exploit-db.com/exploits/18642 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-416: Use After Free •