CVSS: 9.3EPSS: 91%CPEs: 39EXPL: 0CVE-2010-3331
https://notcve.org/view.php?id=CVE-2010-3331
13 Oct 2010 — Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory in certain circumstances involving use of Microsoft Word to read Word documents, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." Microsoft Internet Explorer 6 hasta 8 no maneja adecuadamente objetos en memoria en ciertas circunstancias involucrando el uso de... • http://support.avaya.com/css/P8/documents/100113324 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 94%CPEs: 33EXPL: 1CVE-2010-3329 – Microsoft Office - 'HtmlDlgHelper' Class Memory Corruption (MS10-071)
https://notcve.org/view.php?id=CVE-2010-3329
13 Oct 2010 — mshtmled.dll in Microsoft Internet Explorer 7 and 8 allows remote attackers to execute arbitrary code via a crafted Microsoft Office document that causes the HtmlDlgHelper class destructor to access uninitialized memory, aka "Uninitialized Memory Corruption Vulnerability." La biblioteca Mshtmled.dll en Microsoft Internet Explorer versiones 7 y 8 permite a los atacantes remotos ejecutar código arbitrario por medio de un documento de Microsoft Office creado que hace que el destructor de la clase HtmlDlgHelper... • https://www.exploit-db.com/exploits/15262 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.3EPSS: 36%CPEs: 40EXPL: 1CVE-2010-3325 – Microsoft Internet Explorer 7/8 - CSS Handling Cross Domain Information Disclosure
https://notcve.org/view.php?id=CVE-2010-3325
13 Oct 2010 — Microsoft Internet Explorer 6 through 8 does not properly handle unspecified special characters in Cascading Style Sheets (CSS) documents, which allows remote attackers to obtain sensitive information from a different (1) domain or (2) zone via a crafted web site, aka "CSS Special Character Information Disclosure Vulnerability." Microsoft Internet Explorer v6 hasta v8 no controla correctamente los caracteres especiales no especificados en las Hojas de Estilo en Cascada (CSS), lo que permite a atacantes remo... • https://www.exploit-db.com/exploits/34602 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 81%CPEs: 26EXPL: 0CVE-2010-3328 – Microsoft Internet Explorer Stylesheet PrivateFind Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-3328
12 Oct 2010 — Use-after-free vulnerability in the CAttrArray::PrivateFind function in mshtml.dll in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code by setting an unspecified property of a stylesheet object, aka "Uninitialized Memory Corruption Vulnerability." Vulnerabilidad de Uso de la Memoria Previamente Liberada en la función CAttrArray::PrivateFind en la biblioteca mshtml.dll en Microsoft Internet Explorer versión 6 hasta la versión 8 permite a los atacantes remotos ejecutar ... • http://support.avaya.com/css/P8/documents/100113324 • CWE-416: Use After Free •
CVSS: 4.3EPSS: 14%CPEs: 40EXPL: 0CVE-2010-1258
https://notcve.org/view.php?id=CVE-2010-1258
11 Aug 2010 — Microsoft Internet Explorer 6, 7, and 8 does not properly determine the origin of script code, which allows remote attackers to execute script in an unintended domain or security zone, and obtain sensitive information, via unspecified vectors, aka "Event Handler Cross-Domain Vulnerability." Microsoft Internet Explorer 6, 7 y 8, no determinan apropiadamente el origen de código script, lo que permite a atacantes remotos ejecutar código en un dominio o zona de seguridad no deseados y obtener información sensib... • http://www.us-cert.gov/cas/techalerts/TA10-222A.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 84%CPEs: 22EXPL: 0CVE-2010-2556
https://notcve.org/view.php?id=CVE-2010-2556
11 Aug 2010 — Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." Microsoft Internet Explorer 6,7 y 8 no manejan adecuadamente objetos en memoria, lo que permite a atacantes remotos ejecutar código accediendo a un objeto que (1) no está apropiadamente inicializado o (2) está... • http://www.us-cert.gov/cas/techalerts/TA10-222A.html • CWE-908: Use of Uninitialized Resource •
CVSS: 9.3EPSS: 84%CPEs: 4EXPL: 0CVE-2010-2557
https://notcve.org/view.php?id=CVE-2010-2557
11 Aug 2010 — Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." Microsoft Internet Explorer v6 no maneja adecuadamente ojetos en memoria, lo que permite a atacantes remotos ejecutar código de su elección por acceso a objetos que (1) no fue inicializado adecuadamente (2) es borrado, ... • http://www.us-cert.gov/cas/techalerts/TA10-222A.html • CWE-908: Use of Uninitialized Resource •
CVSS: 9.3EPSS: 11%CPEs: 22EXPL: 0CVE-2010-2558
https://notcve.org/view.php?id=CVE-2010-2558
11 Aug 2010 — Race condition in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to an object in memory, aka "Race Condition Memory Corruption Vulnerability." Condición de carrera en Microsoft Internet Explorer 6,7 y 8 permite a atacantes ejecutar código arbitrario o producir una denegación de servicio (corrupción de memoria) mediante vectores relacionados con un objeto en memoria. • http://www.us-cert.gov/cas/techalerts/TA10-222A.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.3EPSS: 52%CPEs: 22EXPL: 0CVE-2010-2560
https://notcve.org/view.php?id=CVE-2010-2560
11 Aug 2010 — Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Layout Memory Corruption Vulnerability." Microsoft Internet Explorer v6, v7, y v8 no maneja adecuadamente objetos en memoria, lo que permite a atacantes remotos ejecutar código de su elección aceediendo al objeto que (1) que no fue inicializado (2) es ... • http://www.us-cert.gov/cas/techalerts/TA10-222A.html • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 80%CPEs: 43EXPL: 0CVE-2010-1259
https://notcve.org/view.php?id=CVE-2010-1259
08 Jun 2010 — Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." Microsoft Internet Explorer v6 SP 1 y SP 2, v7 y v8 permite a atacantes remotos ejecutar código a su elección mediante el acceso a un objeto que (1) no se ha iniciado correctamente o (2) se ha eliminado, lo que lleva a la corrupción de memoria, ta... • http://osvdb.org/65215 • CWE-94: Improper Control of Generation of Code ('Code Injection') •