CVSS: 9.3EPSS: 94%CPEs: 28EXPL: 0CVE-2008-4259 – Microsoft Internet Explorer Webdav Request Parsing Heap Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2008-4259
09 Dec 2008 — Microsoft Internet Explorer 7 sometimes attempts to access uninitialized memory locations, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, related to a WebDAV request for a file with a long name, aka "HTML Objects Memory Corruption Vulnerability." Microsoft Internet Explorer versión 7 algunas veces intenta acceder a las ubicaciones de memoria no inicializadas, lo que permite a los atacantes remotos ejecutar código arbitrario por medio de u... • http://www.securityfocus.com/archive/1/499065/100/0/threaded • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 92%CPEs: 28EXPL: 0CVE-2008-3472
https://notcve.org/view.php?id=CVE-2008-3472
15 Oct 2008 — Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy, and execute arbitrary code or obtain sensitive information, via a crafted HTML document, aka "HTML Element Cross-Domain Vulnerability." Microsoft Internet Explorer 6 y 7 no determina correctamente el dominio o zona de seguridad original de un script, lo que permite a un atacante remoto eludir la política de seg... • http://marc.info/?l=bugtraq&m=122479227205998&w=2 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 94%CPEs: 28EXPL: 0CVE-2008-3476
https://notcve.org/view.php?id=CVE-2008-3476
15 Oct 2008 — Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle errors associated with access to uninitialized memory, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "HTML Objects Memory Corruption Vulnerability." Microsoft Internet Explorer 5.01 SP4 y 6 no gestiona correctamente los errores asociados con el acceso a memoria no inicializada, lo que permite a atacantes remotos ejecutar código de su elección mediante un documento HTML, también conocido como "HTML ... • http://marc.info/?l=bugtraq&m=122479227205998&w=2 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 95%CPEs: 29EXPL: 0CVE-2008-3473
https://notcve.org/view.php?id=CVE-2008-3473
15 Oct 2008 — Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy, and execute arbitrary code or obtain sensitive information, via a crafted HTML document, aka "Event Handling Cross-Domain Vulnerability." Microsoft Internet Explorer v6 y v7 no determina de forma adecuada el dominio o zona de seguridad del origen de la secuencia de comandos web, lo que permite a atacantes remot... • http://marc.info/?l=bugtraq&m=122479227205998&w=2 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 7%CPEs: 28EXPL: 0CVE-2008-3474
https://notcve.org/view.php?id=CVE-2008-3474
15 Oct 2008 — Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy and obtain sensitive information via a crafted HTML document, aka "Cross-Domain Information Disclosure Vulnerability." Microsoft Internet Explorer 6 y 7 no determina apropiadamente el dominio o zona de seguridad de origen de una secuencia de comandos (script) web, lo cual permite a atacantes remotos evitar polít... • http://marc.info/?l=bugtraq&m=122479227205998&w=2 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 67%CPEs: 28EXPL: 0CVE-2008-3477
https://notcve.org/view.php?id=CVE-2008-3477
15 Oct 2008 — Microsoft Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3 does not properly validate data in the VBA Performance Cache when processing an Office document with an embedded object, which allows remote attackers to execute arbitrary code via an Excel file containing a crafted value, leading to heap-based buffer overflows, integer overflows, array index errors, and memory corruption, aka "Calendar Object Validation Vulnerability." Microsoft Excel 2000 SP3, 2002 SP3 y 2003 SP2 y SP3 no valida correctamente los da... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=746 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 94%CPEs: 28EXPL: 0CVE-2008-3475 – Microsoft Internet Explorer componentFromPoint Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2008-3475
14 Oct 2008 — Microsoft Internet Explorer 6 does not properly handle errors related to using the componentFromPoint method on xml objects that have been (1) incorrectly initialized or (2) deleted, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Uninitialized Memory Corruption Vulnerability." Microsoft Internet Explorer 6 no maneja adecuadamente errores asociados con accesos a un objeto que ha sido (1) inicializado incorrectamente o (2) borrado, lo cual permite a atacantes remotos... • http://ifsec.blogspot.com/2008/10/internet-explorer-6-componentfrompoint.html • CWE-908: Use of Uninitialized Resource •
CVSS: 6.5EPSS: 2%CPEs: 3EXPL: 0CVE-2008-4381
https://notcve.org/view.php?id=CVE-2008-4381
02 Oct 2008 — Microsoft Internet Explorer 7 allows remote attackers to cause a denial of service (application crash) via Javascript that calls the alert function with a URL-encoded string of a large number of invalid characters. El navegador Microsoft Internet Explorer v7 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de Javascript que llama a la función alert con una cadena codificada en formato URL de un número largo de caracteres inválidos. • http://securityreason.com/securityalert/4345 • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 82%CPEs: 4EXPL: 0CVE-2008-2254
https://notcve.org/view.php?id=CVE-2008-2254
13 Aug 2008 — Microsoft Internet Explorer 6 and 7 accesses uninitialized memory, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, aka "HTML Object Memory Corruption Vulnerability." Internet Explorer de Microsoft versiones 6 y 7, accede a la memoria no inicializada, lo que permite a los atacantes remotos causar una denegación de servicio (bloqueo) y ejecutar código arbitrario por medio de vectores desconocidos, también se conoce como "HTML Object Memory Cor... • http://marc.info/?l=bugtraq&m=121915960406986&w=2 • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 70%CPEs: 5EXPL: 0CVE-2008-2255
https://notcve.org/view.php?id=CVE-2008-2255
13 Aug 2008 — Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, a different vulnerability than CVE-2008-2254, aka "HTML Object Memory Corruption Vulnerability." Microsoft Internet Explorer 5.01, 6 y 7 accede a memoria no inicializada, lo que permite a atacantes remotos provocar una denegación de servicio (caída) y ejecutar código de su elección mediante vectores desconocidos, una vuln... • http://marc.info/?l=bugtraq&m=121915960406986&w=2 • CWE-399: Resource Management Errors •