CVSS: 9.3EPSS: 21%CPEs: 30EXPL: 0CVE-2011-1995
https://notcve.org/view.php?id=CVE-2011-1995
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that was not properly initialized, aka "OLEAuto32.dll Remote Code Execution Vulnerability." Microsoft Internet Explorer v6 a v9 no trata correctamente los objetos en la memoria, lo que permite a atacantes remotos ejecutar código de su elección, accediendo a un objeto que no se ha inicializado correctamente. También conocida como "vulnerabilidad de ejecución remota de código de OLEAuto32.dll". • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-081 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12838 • CWE-908: Use of Uninitialized Resource •
CVSS: 9.3EPSS: 93%CPEs: 23EXPL: 1CVE-2011-1996 – Internet Explorer Select Element Cache Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-1996
Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Option Element Remote Code Execution Vulnerability." Microsoft Internet Explorer v6 y v8, no tratan correctamente los objetos en la memoria, lo que permite a atacantes remotos ejecutar código de su elección accediendo a un objeto eliminado. También conocida como "vulnerabilidad de ejecución remota de código a través del elemento Option". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the caching implementation of a Select element. • https://www.exploit-db.com/exploits/24020 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-081 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12896 •
CVSS: 9.3EPSS: 94%CPEs: 11EXPL: 1CVE-2011-1999 – Microsoft Internet Explorer Select Element Insufficient Type Checking Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-1999
Microsoft Internet Explorer 8 does not properly allocate and access memory, which allows remote attackers to execute arbitrary code via vectors involving a "dereferenced memory address," aka "Select Element Remote Code Execution Vulnerability." Microsoft Internet Explorer v8 no asigna ni accede correctamente a la memoria, lo que permite a atacantes remotos ejecutar código de su elección a través de vectores que implican una "dirección de memoria no referenciada". También conocida como "vulnerabilidad de ejecución remota de código del elemento Select". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer 8. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application verifies arguments for a certain operation performed on an element. • https://www.exploit-db.com/exploits/36209 http://www.securityfocus.com/bid/49964 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-081 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12697 •
CVSS: 9.3EPSS: 81%CPEs: 30EXPL: 0CVE-2011-2000 – Microsoft Internet Explorer swapNode Handling Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-2000
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Body Element Remote Code Execution Vulnerability." Microsoft Internet Explorer v6 a v9 no trata correctamente los objetos en la memoria, lo que permite a atacantes remotos ejecutar código de su elección accediendo a un objeto eliminado. También conocida como "vulnerabilidad de ejecución remota de código a través del elemento Body". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Internet Explorer handles calls to the method swapNode(). • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-081 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13083 •
CVSS: 9.3EPSS: 78%CPEs: 13EXPL: 1CVE-2011-2003 – Microsoft Windows - '.fon' Kernel-Mode Buffer Overrun (PoC) (MS11-077)
https://notcve.org/view.php?id=CVE-2011-2003
Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted .fon file, aka "Font Library File Buffer Overrun Vulnerability." Un desbordamiento de búfer en win32k.sys en los controladores en modo kernel de Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 Service Pack 2, R2 y R2 SP1, y Windows 7 Gold y SP1 permite a atacantes remotos ejecutar código de su elección mediante un archivo .fon específicamente modificado para tal fin. También conocida como "Vulnerabilidad de saturación de bufer de fichero de biblioteca de fuentes". • https://www.exploit-db.com/exploits/17978 http://securityreason.com/securityalert/8473 http://www.securitytracker.com/id?1026165 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-077 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13103 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •