CVSS: 9.3EPSS: 94%CPEs: 5EXPL: 1CVE-2013-1309 – Microsoft Internet Explorer CDispNode Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-1309
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1308 and CVE-2013-2551. Vulnerabilidad de tipo "usar después de liberar" en Microsoft Internet Explorer v6 hasta v10 permite a atacantes remotos ejecutar código de su elección mediante un sitio web malintencionado que lanza el acceso a un objeto eliminado, también conocido como "Vulnerabilidad de usar después de liberar en Internet Explorer", una vulnerabilidad diferente a CVE-2013-1308 y CVE-2013-2551. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within styles being applied to elements on the DOM causing a negatively positioned CDispNode to be freed. The process can be later forced to reuse this object resulting in a use-after-free condition. • https://www.exploit-db.com/exploits/40893 http://blog.skylined.nl/20161207001.html http://packetstormsecurity.com/files/140094/Microsoft-Internet-Explorer-MSHTML-CDispNode-InsertSiblingNode-Use-After-Free.html http://www.us-cert.gov/ncas/alerts/TA13-134A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-037 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16396 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef&# • CWE-416: Use After Free •
CVSS: 9.3EPSS: 84%CPEs: 2EXPL: 0CVE-2013-1310
https://notcve.org/view.php?id=CVE-2013-1310
Use-after-free vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability." Vulnerabilidad de tipo "usar después de liberar" en Microsoft Internet Explorer v6 y v7 permite a atacantes remotos ejecutar código de su elección mediante un sitio web malintencionado que lanza el acceso a un objeto eliminado, también conocido como "Vulnerabilidad de usar después de liberar en Internet Explorer" • http://www.us-cert.gov/ncas/alerts/TA13-134A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-037 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16689 • CWE-416: Use After Free •
CVSS: 9.3EPSS: 93%CPEs: 5EXPL: 0CVE-2013-1338 – Microsoft Internet Explorer VML TextBox Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-1338
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1303 and CVE-2013-1304. Vulnerabilidad de uso después de liberación en Microsoft Internet Explorer del 6 al 10, permite a atacantes remotos ejecutar código arbitrario a través de un sitio web manipulado que genera el acceso a un objeto borrado. aka "Internet Explorer Use After Free Vulnerability", vulnerabilidad distinta de CVE-2013-1303 y CVE-2013-1304. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the usage of a VML textbox. When a dynamic style is defined, it can remove the textbox resulting in a use-after-free condition. • http://www.us-cert.gov/ncas/alerts/TA13-100A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-028 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16621 • CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2013-2408
https://notcve.org/view.php?id=CVE-2013-2408
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect integrity via vectors related to PIA Core Technology and use of Internet Explorer 6. Vulnerabilidad no especificada en el componente PeopleSoft Enterprise PeopleTools de Oracle PeopleSoft Products v8.51, v8.52, y v8.53 que permite a atacantes remotos afectar la integridad a través de vectores relacionados con el PIA Core Technology y el uso de Internet Explorer 6. • http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html •
CVSS: 9.3EPSS: 92%CPEs: 5EXPL: 0CVE-2013-1304
https://notcve.org/view.php?id=CVE-2013-1304
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1303 and CVE-2013-1338. Vulnerabilidad de utilización después del uso en Microsoft Internet Explorer de la versión 6 a la 10, permite a atacantes remotos ejecutar código arbitrario a través de un sitio web manipulado que provoca el acceso a un objeto eliminado. Aka "Internet Explorer Use After Free Vulnerability," vulnerabilidad distinta de CVE-2013-1303. • http://www.us-cert.gov/ncas/alerts/TA13-100A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-028 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16515 • CWE-399: Resource Management Errors •