CVSS: 9.3EPSS: 91%CPEs: 33EXPL: 4CVE-2010-0249 – Microsoft Internet Explorer - 'Aurora' Memory Corruption (MS10-002)
https://notcve.org/view.php?id=CVE-2010-0249
15 Jan 2010 — Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object, related to incorrectly initialized memory and improper handling of objects in memory, as exploited in the wild in December 2009 and January 2010 during Operation Aurora,... • https://www.exploit-db.com/exploits/16599 • CWE-416: Use After Free •
CVSS: 9.3EPSS: 57%CPEs: 37EXPL: 0CVE-2009-3673 – Microsoft Internet Explorer CSS Race Condition Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2009-3673
08 Dec 2009 — Microsoft Internet Explorer 7 and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." Microsoft Internet Explorer v7 and v8 no maneja adecuadamente los objetos en memoria, lo que permite a atacantes remotos ejecutar código de su elección accediendo a un objeto que (1) no fue adecuadamente inicializ... • http://www.securitytracker.com/id?1023293 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 61%CPEs: 37EXPL: 0CVE-2009-3674 – Microsoft Internet Explorer IFrame Attributes Circular Reference Dangling Pointer Vulnerability
https://notcve.org/view.php?id=CVE-2009-3674
08 Dec 2009 — Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671. Microsoft Internet Explorer 8 no maneja de manera apropiada objetos en memoria, lo que permite a atacantes remotos ejecutar código de su elección accediendo a un objeto que ... • http://www.securitytracker.com/id?1023293 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 58%CPEs: 37EXPL: 0CVE-2009-3671 – Microsoft Internet Explorer XHTML DOM Manipulation Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2009-3671
08 Dec 2009 — Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3674. Microsoft Internet Explorer no maneja adecuadamente objetos en memoria, lo que permite a atacantes remotos ejecutar código de su elección accediendo a un objeto que (1) no f... • http://www.securitytracker.com/id?1023293 • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVSS: 5.0EPSS: 26%CPEs: 4EXPL: 0CVE-2009-4073
https://notcve.org/view.php?id=CVE-2009-4073
24 Nov 2009 — The printing functionality in Microsoft Internet Explorer 8 allows remote attackers to discover a local pathname, and possibly a local username, by reading the dc:title element of a PDF document that was generated from a local web page. La funcionalidad de impresión en Microsoft Internet Explorer 8 permite a atacantes remotos descubrir un nombre de archivo y probablemente descubrir un usuario local, por la lectura del dc: pequeño elemento de un documento PDF que fue generado desde una página web local. • http://osvdb.org/60504 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 11%CPEs: 2EXPL: 1CVE-2009-3943
https://notcve.org/view.php?id=CVE-2009-3943
16 Nov 2009 — Microsoft Internet Explorer 6 through 6.0.2900.2180 and 7 through 7.0.6000.16711 allows remote attackers to cause a denial of service (application hang) via a JavaScript loop that configures the home page by using the setHomePage method and a DHTML behavior property. Microsoft Internet Explorer v6 hasta v6.0.2900.2180 y v7 hasta v7.0.6000.16711 permite a atacantes remotos provocar una denegación de servicio (bloqueo de la aplicación) mediante un bucle JavaScript que configura la página de inicio usando el m... • http://websecurity.com.ua/3658 •
CVSS: 9.3EPSS: 51%CPEs: 41EXPL: 2CVE-2009-1547 – Microsoft Internet Explorer 5.0.1 - 'deflate' HTTP Content Encoding Remote Code Execution
https://notcve.org/view.php?id=CVE-2009-1547
14 Oct 2009 — Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via a crafted data stream header that triggers memory corruption, aka "Data Stream Header Corruption Vulnerability." Vulnerabilidad inespecífica en Microsoft Internet Explorer v5.01 SP4, v6, v6 SP1, y v7 permite a atacantes remotos ejecutar código arbitrario a través de cabeceras de flujos de datos manipulados que inician una corrupción de memoria, también conocido como "Vulne... • https://www.exploit-db.com/exploits/33270 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 27%CPEs: 41EXPL: 0CVE-2009-2529
https://notcve.org/view.php?id=CVE-2009-2529
14 Oct 2009 — Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not properly handle argument validation for unspecified variables, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "HTML Component Handling Vulnerability." Microsoft Internet Explorer v5.01 SP4, v6, v6 SP1, v7, y v8 no gestiona adecuadamente la validación de argumentos para un número de variables sin especificar lo que permite a atacantes remotos ejecutar código arbitrario a través de un documentos HTML ma... • http://www.us-cert.gov/cas/techalerts/TA09-286A.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 55%CPEs: 41EXPL: 0CVE-2009-2530 – Microsoft Internet Explorer Event Object Type Double-Free Vulnerability
https://notcve.org/view.php?id=CVE-2009-2530
13 Oct 2009 — Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-2531. Microsoft Internet Explorer v6, v6 SP1, v7, y v8 no gestiona adecuadamente los objetos en memoria, lo que permite a atacantes remotos ejecutar código arbitr... • http://www.us-cert.gov/cas/techalerts/TA09-286A.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 55%CPEs: 41EXPL: 0CVE-2009-2531 – Microsoft Internet Explorer writing-mode Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2009-2531
13 Oct 2009 — Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-2530. Microsoft Internet Explorer v6, v6 SP1, v7, y v8, no maneja adecuadamente objetos en memoria lo que permite a atacantes remotos ejecutar codigo arbitrario m... • http://www.us-cert.gov/cas/techalerts/TA09-286A.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •