CVE-2011-1587
https://notcve.org/view.php?id=CVE-2011-1587
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.4, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html located before a ? (question mark) in a query string, in conjunction with a modified URI path that has a %2E sequence in place of the . (dot) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1578. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en MediaWiki antes de v1.16.4, cuando se utiliza Internet Explorer v6 o versiones anteriores, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un archivo cargado; accediendo con una extensión peligrosa como .html que se encuentra antes de un ? • http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-April/000097.html http://openwall.com/lists/oss-security/2011/04/18/5 http://www.debian.org/security/2011/dsa-2366 https://bugzilla.redhat.com/show_bug.cgi?id=696360 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2010-0249 – Microsoft Internet Explorer - 'Aurora' Memory Corruption (MS10-002)
https://notcve.org/view.php?id=CVE-2010-0249
Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object, related to incorrectly initialized memory and improper handling of objects in memory, as exploited in the wild in December 2009 and January 2010 during Operation Aurora, aka "HTML Object Memory Corruption Vulnerability." Vulnerabilidad de uso después de liberación en Microsoft Internet Explorer 6, 6 SP1, 7 y 8 en Windows 2000 SP4; Windows XP SP2 y SP3; Windows Server 2003 SP2; Windows Vista Gold SP1 y SP2; Windows Server 2008 Gold, SP2 y R2; y Windows 7; permite a atacantes remotos ejecutar código de su elección accediendo a un puntero asociado a un objeto eliminado, como se ha explotado activamente en Enero 2010. • https://www.exploit-db.com/exploits/16599 https://www.exploit-db.com/exploits/11167 http://blogs.technet.com/msrc/archive/2010/01/14/security-advisory-979352.aspx http://news.cnet.com/8301-27080_3-10435232-245.html http://osvdb.org/61697 http://securitytracker.com/id?1023462 http://support.microsoft.com/kb/979352 http://www.exploit-db.com/exploits/11167 http://www.kb.cert.org/vuls/id/492515 http://www.microsoft.com/technet/security/advisory/979352.mspx http:/ • CWE-416: Use After Free •
CVE-2009-3671 – Microsoft Internet Explorer XHTML DOM Manipulation Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2009-3671
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3674. Microsoft Internet Explorer no maneja adecuadamente objetos en memoria, lo que permite a atacantes remotos ejecutar código de su elección accediendo a un objeto que (1) no fue inicializado adecuadamente o (2) es borrado, provocando una corrupción de memoria, conocido como "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3674. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required in that a user must visit a malicious web page. The specific flaw exists in the manipulation and parsing of certain HTML tags. The ordering of various objects in a malformed way results in memory corruption resulting in a call to a dangling pointer which can be further leveraged via a heap spray. • http://www.securitytracker.com/id?1023293 http://www.us-cert.gov/cas/techalerts/TA09-342A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-072 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6382 • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVE-2009-3673 – Microsoft Internet Explorer CSS Race Condition Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2009-3673
Microsoft Internet Explorer 7 and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." Microsoft Internet Explorer v7 and v8 no maneja adecuadamente los objetos en memoria, lo que permite a atacantes remotos ejecutar código de su elección accediendo a un objeto que (1) no fue adecuadamente inicializado o (2) es borrado, desencadenando en una corrupción de memoria, conocido como "Uninitialized Memory Corruption Vulnerability." This vulnerability allows remote attackers to potentially execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists during a race condition while repetitively clicking between two elements at a fast rate. When clicking back and forth between these two elements a corruption occurs resulting in a call to a dangling pointer which can be further leveraged into code execution via a heap spray. • http://www.securitytracker.com/id?1023293 http://www.us-cert.gov/cas/techalerts/TA09-342A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-072 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6519 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2009-3674 – Microsoft Internet Explorer IFrame Attributes Circular Reference Dangling Pointer Vulnerability
https://notcve.org/view.php?id=CVE-2009-3674
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671. Microsoft Internet Explorer 8 no maneja de manera apropiada objetos en memoria, lo que permite a atacantes remotos ejecutar código de su elección accediendo a un objeto que (1) no fue iniciado adecuadamente o (2) está borrado, provocando una corrupción de memoria. También conocido como "Vulnerabilidad Uninitialized Memory Corruption", una vulnerabilidad diferente a CVE-2009-3671. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. The specific flaw exists during deallocation of a circular dereference for a CAttrArray object. • http://www.securitytracker.com/id?1023293 http://www.us-cert.gov/cas/techalerts/TA09-342A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-072 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6570 • CWE-399: Resource Management Errors •