CVSS: 9.3EPSS: 91%CPEs: 9EXPL: 0CVE-2010-0491
https://notcve.org/view.php?id=CVE-2010-0491
31 Mar 2010 — Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 6 SP1 allows remote attackers to execute arbitrary code by changing unspecified properties of an HTML object that has an onreadystatechange event handler, aka "HTML Object Memory Corruption Vulnerability." Vulnerabilidad de uso despues de liberación en Microsoft Internet Explorer 5.01 SP4, 6 y 6 SP1, permite a atacantes remotos ejecutar código de su elección cambiando propiedades no especificadas de un objeto HTML que tiene un gest... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=864 • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 96%CPEs: 6EXPL: 2CVE-2010-0805 – Microsoft Internet Explorer Tabular Data Control ActiveX Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0805
31 Mar 2010 — The Tabular Data Control (TDC) ActiveX control in Microsoft Internet Explorer 5.01 SP4, 6 on Windows XP SP2 and SP3, and 6 SP1 allows remote attackers to execute arbitrary code via a long URL (DataURL parameter) that triggers memory corruption in the CTDCCtl::SecurityCHeckDataURL function, aka "Memory Corruption Vulnerability." El control ActiveX de Tabular Data Control (TDC) en Internet Explorer de Microsoft versiones 5.01 SP4, 6 sobre Windows XP SP2 y SP3, y versión 6 SP1, permite a los atacantes remotos ... • https://www.exploit-db.com/exploits/12032 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 62%CPEs: 19EXPL: 0CVE-2010-0807
https://notcve.org/view.php?id=CVE-2010-0807
31 Mar 2010 — Microsoft Internet Explorer 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, leading to memory corruption, aka "HTML Rendering Memory Corruption Vulnerability." Microsoft Internet Explorer 7 no maneja adecuadamente objetos en memoria, lo que puede permitir a atacantes remotos ejecutar código de su elección mediante el acceso a un objeto borrado que conduce a una corrupción de memoria, también conocido como "HTML Rendering Me... • http://securitytracker.com/id?1023773 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 1CVE-2010-1175 – Microsoft Internet Explorer - XML Parsing Buffer Overflow
https://notcve.org/view.php?id=CVE-2010-1175
29 Mar 2010 — Microsoft Internet Explorer 7.0 on Windows XP and Windows Server 2003 allows remote attackers to have an unspecified impact via a certain XML document that references a crafted web site in the SRC attribute of an image element, related to a "0day Vulnerability." Microsoft Internet Explorer v7.0 en Windows XP y Windows Server 2003 permite a atacantes remotos tener un impacto sin especificar a través de ciertos documentos XML que hacen referencia a sitios web modificados en el atributo SRC de un elemento imag... • https://www.exploit-db.com/exploits/7477 •
CVSS: 6.5EPSS: 3%CPEs: 26EXPL: 2CVE-2010-1127
https://notcve.org/view.php?id=CVE-2010-1127
26 Mar 2010 — Microsoft Internet Explorer 6 and 7 does not initialize certain data structures during execution of the createElement method, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted JavaScript code, as demonstrated by setting the (1) outerHTML or (2) value property of an object returned by createElement. Microsoft Internet Explorer 6 y 7 no inicializan ciertas estructuras durante la ejecución del método createElement, lo que permite a atacantes... • http://archives.neohapsis.com/archives/bugtraq/2010-01/0237.html •
CVSS: 9.8EPSS: 96%CPEs: 25EXPL: 2CVE-2010-0806 – Microsoft Internet Explorer - 'iepeers.dll' Use-After-Free
https://notcve.org/view.php?id=CVE-2010-0806
10 Mar 2010 — Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka "Uninitialized Memory Corruption Vulnerability." La vulnerabilidad de Uso de la Memoria Previamente Liberada en el componente Peer Objects (también se conoce como iepeers.dll) en Microsoft Internet Explorer ver... • https://www.exploit-db.com/exploits/11683 • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 24%CPEs: 10EXPL: 3CVE-2010-0917
https://notcve.org/view.php?id=CVE-2010-0917
03 Mar 2010 — Stack-based buffer overflow in VBScript in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, might allow user-assisted remote attackers to execute arbitrary code via a long string in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution when the F1 key is pressed, a different vulnerability than CVE-2010-0483. Desbordamiento de búfer basado en pila en VBScript en Microsoft Windows 2000 SP4, XP SP2 y SP3 y Server 2003 SP2, ... • http://blogs.technet.com/msrc/archive/2010/03/01/security-advisory-981169-released.aspx • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 97%CPEs: 10EXPL: 6CVE-2010-0483 – Microsoft Internet Explorer - 'Winhlp32.exe' MsgBox Code Execution (MS10-023)
https://notcve.org/view.php?id=CVE-2010-0483
03 Mar 2010 — vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local pathname, (2) UNC share pathname, or (3) WebDAV server with a crafted .hlp file in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution involving winhlp32.exe when the F1 key is pressed, aka "VBScript Help Keypress Vulnerability." L... • https://www.exploit-db.com/exploits/16541 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 3%CPEs: 29EXPL: 1CVE-2010-0555
https://notcve.org/view.php?id=CVE-2010-0555
04 Feb 2010 — Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and read arbitrary files via vectors involving the product's use of text/html as the default content type for files that are encountered after a redirection, aka the URLMON sniffing vulnerability, a variant of CVE-2009-1140 and related to CVE-2008-1448. Microsoft Internet Explorer v5.01 SP4, v6, vv6 SP1, v7, y v8 n... • http://blogs.technet.com/msrc/archive/2010/02/03/security-advisory-980088-released.aspx •
CVSS: 6.5EPSS: 54%CPEs: 49EXPL: 1CVE-2010-0255
https://notcve.org/view.php?id=CVE-2010-0255
04 Feb 2010 — Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and read arbitrary files via vectors involving JavaScript exploit code that constructs a reference to a file://127.0.0.1 URL, aka the dynamic OBJECT tag vulnerability, as demonstrated by obtaining the data from an index.dat file, a variant of CVE-2009-1140 and related to CVE-2008-1448. Microsoft Internet Explorer v... • http://blogs.technet.com/msrc/archive/2010/02/03/security-advisory-980088-released.aspx • CWE-264: Permissions, Privileges, and Access Controls •