CVSS: 9.3EPSS: 50%CPEs: 17EXPL: 0CVE-2010-1260
https://notcve.org/view.php?id=CVE-2010-1260
08 Jun 2010 — The IE8 Developer Toolbar in Microsoft Internet Explorer 8 SP1, SP2, and SP3 allows user-assisted remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability." El IE8 Developer Toolbar en Microsoft Internet Explorer v8 SP1, SP2 y SP3 permite a atacantes remotos ayudados por el usuario ejecutar código a su elección mediante el acceso a un objeto que (1) no se ha inici... • http://osvdb.org/65213 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 58%CPEs: 17EXPL: 0CVE-2010-1261
https://notcve.org/view.php?id=CVE-2010-1261
08 Jun 2010 — The IE8 Developer Toolbar in Microsoft Internet Explorer 8 SP1, SP2, and SP3 allows user-assisted remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." Vulnerabilidad en IE8 Developer Toolbar en Microsoft Internet Explorer v8 SP1, SP2 y SP3 permite a atacantes remotos ayudados por el usuario ejecutar código a su elección mediante el acceso a un objeto que (1... • http://osvdb.org/65214 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 1%CPEs: 20EXPL: 0CVE-2010-0485
https://notcve.org/view.php?id=CVE-2010-0485
08 Jun 2010 — The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 "do not properly validate all callback parameters when creating a new window," which allows local users to execute arbitrary code, aka "Win32k Window Creation Vulnerability." Los drivers kernel-mode de Windows en win32k.sys en Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP2, Vista SP1 y SP2, Server 2008 Gold y SP2, ... • http://www.opera.com/support/kb/view/954 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 2%CPEs: 20EXPL: 0CVE-2010-1255
https://notcve.org/view.php?id=CVE-2010-1255
08 Jun 2010 — The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 allows local users to execute arbitrary code via vectors related to "glyph outline information" and TrueType fonts, aka "Win32k TrueType Font Parsing Vulnerability." El controlador -driver- de Windows kernel-mode en win32k.sys de Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP2, Vista SP1 y SP2, Server 2008 Gold y SP... • http://www.opera.com/support/kb/view/954 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 58%CPEs: 43EXPL: 0CVE-2010-1259
https://notcve.org/view.php?id=CVE-2010-1259
08 Jun 2010 — Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." Microsoft Internet Explorer v6 SP 1 y SP 2, v7 y v8 permite a atacantes remotos ejecutar código a su elección mediante el acceso a un objeto que (1) no se ha iniciado correctamente o (2) se ha eliminado, lo que lleva a la corrupción de memoria, ta... • http://osvdb.org/65215 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 58%CPEs: 16EXPL: 0CVE-2010-0811
https://notcve.org/view.php?id=CVE-2010-0811
08 Jun 2010 — Multiple unspecified vulnerabilities in the Microsoft Internet Explorer 8 Developer Tools ActiveX control in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via unknown vectors that "corrupt the system state," aka "Microsoft Internet Explorer 8 Developer Tools Vulnerability." Vulnerabilidad sin especificar en el control ActiveX Dev... • http://www.us-cert.gov/cas/techalerts/TA10-159B.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 44%CPEs: 28EXPL: 0CVE-2010-1257
https://notcve.org/view.php?id=CVE-2010-1257
08 Jun 2010 — Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2; Office SharePoint Server 2007 SP1 and SP2; SharePoint Services 3.0 SP1 and SP2; and Internet Explorer 8 allows remote attackers to inject arbitrary web script or HTML via vectors related to sanitization. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la API toStaticHTML, tal como es usada en Microsoft Office InfoPath 2003 SP3, 2007 SP1 y 2007 SP2; Off... • http://support.avaya.com/css/P8/documents/100089747 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 3%CPEs: 20EXPL: 0CVE-2010-0819
https://notcve.org/view.php?id=CVE-2010-0819
08 Jun 2010 — Unspecified vulnerability in the Windows OpenType Compact Font Format (CFF) driver in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users to execute arbitrary code via unknown vectors related to improper validation when copying data from user mode to kernel mode, aka "OpenType CFF Font Driver Memory Corruption Vulnerability." Vulnerabilidad sin especificar en el driver Windows OpenType Compact Font Format (CFF) en Microsoft... • http://www.securityfocus.com/bid/40572 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 33%CPEs: 17EXPL: 0CVE-2010-1256
https://notcve.org/view.php?id=CVE-2010-1256
08 Jun 2010 — Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption Vulnerability." Vulnerabilidad no especificada en Microsoft IIS 6.0, 7.0 y 7.5 cuando la Protección Extended por Autenticación está habilitada, permite a usuarios autenticados en remoto ejecutar código de su elec... • http://www.securityfocus.com/bid/40573 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 61%CPEs: 43EXPL: 0CVE-2010-1262 – Microsoft Internet Explorer Stylesheet Array Removal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1262
08 Jun 2010 — Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, related to the CStyleSheet object and a free of the root container, aka "Memory Corruption Vulnerability." Microsoft Internet Explorer versión 6 SP1 y SP2, versión 7 y 8, permiten a los atacantes remotos ejecutar código arbitrario al acceder a un objeto que (1) no se inicializó de manera apropiada (... • http://support.avaya.com/css/P8/documents/100089747 • CWE-94: Improper Control of Generation of Code ('Code Injection') •