CVSS: 9.3EPSS: 37%CPEs: 30EXPL: 0CVE-2011-1993
https://notcve.org/view.php?id=CVE-2011-1993
12 Oct 2011 — Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Scroll Event Remote Code Execution Vulnerability." Microsoft Internet Explorer v6 a v9 no trata correctamente los objetos en la memoria, lo que permite a atacantes remotos ejecutar código de su elección accediendo a un objeto eliminado. También conocidacomo "vulnerabilidad de ejecución remota de código del evento Scroll". • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-081 •
CVSS: 9.3EPSS: 39%CPEs: 6EXPL: 0CVE-2011-1997
https://notcve.org/view.php?id=CVE-2011-1997
12 Oct 2011 — Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnLoad Event Remote Code Execution Vulnerability." Microsoft Internet Explorer v6 no gestiona adecuadamente los objetos en memoria, lo que permite a atacantes remotos ejecutar código de su eleccion accediendo a un objeto eliminado. También conocida como "vulnerabilidad de ejecución remota de código del evento OnLoad". • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-081 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 40%CPEs: 7EXPL: 0CVE-2011-1998
https://notcve.org/view.php?id=CVE-2011-1998
12 Oct 2011 — Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that was not properly initialized, aka "Jscript9.dll Remote Code Execution Vulnerability." Microsoft Internet Explorer v9 no trata correctamente los objetos en la memoria, lo que permite a atacantes remotos ejecutar código de su elección accediendo a un objeto que que no Se ha inicializado correctamente. También conocido como "Vulnerabilidad de ejecución Re... • http://www.securityfocus.com/bid/49963 • CWE-908: Use of Uninitialized Resource •
CVSS: 7.5EPSS: 6%CPEs: 24EXPL: 1CVE-2011-3389 – HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)
https://notcve.org/view.php?id=CVE-2011-3389
06 Sep 2011 — The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClie... • https://github.com/mpgn/BEAST-PoC • CWE-326: Inadequate Encryption Strength •
CVSS: 4.3EPSS: 17%CPEs: 30EXPL: 0CVE-2011-1962
https://notcve.org/view.php?id=CVE-2011-1962
10 Aug 2011 — Microsoft Internet Explorer 6 through 9 does not properly handle unspecified character sequences, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site that triggers "inactive filtering," aka "Shift JIS Character Encoding Vulnerability." Microsoft Internet Explorer 6 hasta la versión 9 no maneja apropiadamente secuencias de caracteres sin especificar, lo que permite a atacantes remotos leer contenido de un diferente (1) dominio o (2) zona a través de un... • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-057 • CWE-20: Improper Input Validation •
CVSS: 8.1EPSS: 9%CPEs: 23EXPL: 0CVE-2011-1257
https://notcve.org/view.php?id=CVE-2011-1257
10 Aug 2011 — Race condition in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors involving access to an object, aka "Window Open Race Condition Vulnerability." Condición de carrera en Microsoft Internet Explorer de la v6 a la v8 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de vectores que involucran el acceso a un objeto, también conocido como... • http://www.us-cert.gov/cas/techalerts/TA11-221A.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 19%CPEs: 30EXPL: 0CVE-2011-1960
https://notcve.org/view.php?id=CVE-2011-1960
10 Aug 2011 — Microsoft Internet Explorer 6 through 9 does not properly implement JavaScript event handlers, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Event Handlers Information Disclosure Vulnerability." Microsoft Internet Explorer de la v6 a la v9 no aplica correctamente los controladores de eventos de JavaScript, que permiten a atacantes remotos acceder al contenido desde un diferente (1) dominio o (2) zona a través de código de script no ... • http://www.us-cert.gov/cas/techalerts/TA11-221A.html • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 9.3EPSS: 26%CPEs: 30EXPL: 0CVE-2011-1961
https://notcve.org/view.php?id=CVE-2011-1961
10 Aug 2011 — The telnet URI handler in Microsoft Internet Explorer 6 through 9 does not properly launch the handler application, which allows remote attackers to execute arbitrary programs via a crafted web site, aka "Telnet Handler Remote Code Execution Vulnerability." El manejador de URIs de telnet en Microsoft Internet Explorer 6 hasta la versión 9 no ejecuta apropiadamente la aplicación asignada, lo que permite a atacantes remotos ejecutar programas arbitrarios a través de una página web modificada. También conocida... • http://jvn.jp/en/jp/JVN80404511/index.html •
CVSS: 9.3EPSS: 44%CPEs: 26EXPL: 0CVE-2011-1963 – Microsoft Internet Explorer XSLT SetViewSlave Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-1963
09 Aug 2011 — Microsoft Internet Explorer 7 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "XSLT Memory Corruption Vulnerability." Microsoft Internet Explorer 7 hasta 9 no maneja adecuadamente objetos en memoria, lo que permite a atacantes remotos ejecutar código de su elección accediendo a objetos que (1) no fueron inicializados correctamente o (2) es eliminado, también conoc... • http://www.us-cert.gov/cas/techalerts/TA11-221A.html • CWE-908: Use of Uninitialized Resource •
CVSS: 9.8EPSS: 44%CPEs: 30EXPL: 0CVE-2011-1964 – Microsoft Internet Explorer 9 STYLE Object Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-1964
09 Aug 2011 — Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Style Object Memory Corruption Vulnerability." Microsoft Internet Explorer 6 hasta la versión 9 no maneja apropiadamente objetos en memoria, lo que permite a atacantes remotos ejecutar código arbitrario accediendo a un objeto que (1) no fue apropiadamente inicializado o (2) ha sido borr... • http://www.us-cert.gov/cas/techalerts/TA11-221A.html • CWE-908: Use of Uninitialized Resource •