CVSS: 9.3EPSS: 4%CPEs: 59EXPL: 0CVE-2011-0248 – Apple Quicktime Media Link src Parameter Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0248
04 Aug 2011 — Stack-based buffer overflow in the QuickTime ActiveX control in Apple QuickTime before 7.7 on Windows, when Internet Explorer is used, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted QTL file. Desbordamiento de buffer de pila en el control ActiveX de QuickTime de Apple QuickTime en versiones anteriores a la 7.7 en Windows. Cuando se utiliza Internet Explorer, permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de s... • http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 69%CPEs: 22EXPL: 2CVE-2011-1255 – Microsoft Internet Explorer - Time Element Memory Corruption (MS11-050)
https://notcve.org/view.php?id=CVE-2011-1255
16 Jun 2011 — The Timed Interactive Multimedia Extensions (aka HTML+TIME) implementation in Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Time Element Memory Corruption Vulnerability." La implantación de extensiones multimedia interactivas temporizadas ("Timed Interactive Multimedia Extensions" o HTML+TIME) en Microsoft Internet Explorer 6 hasta... • https://packetstorm.news/files/id/115626 • CWE-908: Use of Uninitialized Resource •
CVSS: 9.8EPSS: 40%CPEs: 22EXPL: 0CVE-2011-1254
https://notcve.org/view.php?id=CVE-2011-1254
16 Jun 2011 — Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Drag and Drop Memory Corruption Vulnerability." Microsoft Internet Explorer v6 a la v8 no manejan adecuadamente los objetos en memoria, lo que permite a atacantes remotos ejecutar código de su elección accediendo a un objeto que (1) no ha sido iniciado adecuadamente o (2) es borrado. • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-050 • CWE-908: Use of Uninitialized Resource •
CVSS: 6.1EPSS: 18%CPEs: 34EXPL: 1CVE-2011-1252 – Microsoft Internet Explorer toStaticHTML Information Disclosure
https://notcve.org/view.php?id=CVE-2011-1252
16 Jun 2011 — Cross-site scripting (XSS) vulnerability in the SafeHTML function in the toStaticHTML API in Microsoft Internet Explorer 7 and 8, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified strings, aka "toStaticHTML Information Disclosure Vulnerability" or "HTML Sanitization Vulnerability." Vulnera... • https://packetstorm.news/files/id/103241 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 5%CPEs: 22EXPL: 0CVE-2011-1258
https://notcve.org/view.php?id=CVE-2011-1258
16 Jun 2011 — Microsoft Internet Explorer 6 through 8 does not properly restrict web script, which allows user-assisted remote attackers to obtain sensitive information from a different (1) domain or (2) zone via vectors involving a drag-and-drop operation, aka "Drag and Drop Information Disclosure Vulnerability." Microsoft Internet Explorer 6 hasta la 8, no restringe correctamente el script web, permitiendo a atacantes remotos asistidos por el usuario obtener información confidencial de otro (1) dominio o (2) zona a tra... • http://blogs.technet.com/b/msrc/archive/2011/06/09/june-advance-notification-service-and-10-immutable-laws-revisited.aspx • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.5EPSS: 18%CPEs: 10EXPL: 0CVE-2011-1246
https://notcve.org/view.php?id=CVE-2011-1246
16 Jun 2011 — Microsoft Internet Explorer 8 does not properly handle content settings in HTTP responses, which allows remote web servers to obtain sensitive information from a different (1) domain or (2) zone via a crafted response, aka "MIME Sniffing Information Disclosure Vulnerability." Microsoft Internet Explorer 8 no maneja adecuadamente las opciones de contenido en las respuestas HTTP, lo que permite a servidores web remotos obtener información sensible desde distintos (1) domain o (2) zone a través de una respuest... • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-050 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 40%CPEs: 12EXPL: 0CVE-2011-1251
https://notcve.org/view.php?id=CVE-2011-1251
16 Jun 2011 — Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "DOM Manipulation Memory Corruption Vulnerability." Microsoft Internet Explorer 8 no maneja adecuadamente los objetos en memoria, lo que permite a atacantes remotos ejecutar código de su elección accediendo a un objeto que (1) no haya sido iniciado adecuadamente o (2) es eliminado. También se cono... • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-050 • CWE-908: Use of Uninitialized Resource •
CVSS: 9.3EPSS: 46%CPEs: 30EXPL: 0CVE-2011-1250 – NSFOCUS Security Advisory 2011.1
https://notcve.org/view.php?id=CVE-2011-1250
15 Jun 2011 — Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Link Properties Handling Memory Corruption Vulnerability." Microsoft Internet Explorer 6 hasta la versión 9 no maneja apropiadamente los objetos en memoria, lo que permite a atacantes remotos ejecutar código arbitrario accediendo a un objeto que (1) no ha sido apropiadamente inicializad... • http://www.nsfocus.com/en/advisories/1101.html • CWE-908: Use of Uninitialized Resource •
CVSS: 9.3EPSS: 82%CPEs: 26EXPL: 1CVE-2011-1260 – Microsoft Internet Explorer layout-grid-char style Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-1260
14 Jun 2011 — Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Layout Memory Corruption Vulnerability." Microsoft Internet Explorer 8 y 9 no maneja adecuadamente los objetos en memoria, lo qeu permite a atacantes remotos ejecutar código de su elección accediendo a un objeto que (1) no haya sido iniciado adecuadamente o (2) sea eleiminado. También se co... • https://www.exploit-db.com/exploits/17409 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 45%CPEs: 22EXPL: 1CVE-2011-1256 – Microsoft Internet Explorer DOM Modification Race Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-1256
14 Jun 2011 — Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "DOM Modification Memory Corruption Vulnerability." Microsoft Internet Explorer v6 hasta v8 no maneja adecuadamente objetos en memoria, lo que permite a atacantes remotos ejecutar código accediendo a un objeto que (1) no fue correctamente inicializado o (2) es borrado, también conocido c... • https://packetstorm.news/files/id/102367 • CWE-908: Use of Uninitialized Resource •