Page 33 of 1003 results (0.008 seconds)

CVSS: 9.3EPSS: 92%CPEs: 40EXPL: 0

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer OnResize Use After Free Vulnerability." Vulnerabilidad de uso después de liberación en Microsoft Internet Explorer 6 a la 10, permite a atacantes remotos ejecutar código arbitrario a través de un sitio web diseñado que desencadena el acceso a un objeto eliminado, también conocido como "Internet Explorer OnResize, vulnerabilidad de uso después de liberación". • http://www.us-cert.gov/ncas/alerts/TA13-071A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-021 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16583 • CWE-399: Resource Management Errors •

CVSS: 9.3EPSS: 92%CPEs: 13EXPL: 0

Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CElement Use After Free Vulnerability." Vulnerabilidad de uso después de liberación en Microsoft Internet Explorer 8 permite a atacantes remotos ejecutar código arbitrario a través de un sitio web diseñado que desencadena el acceso a un objeto eliminado, también conocido como "Internet Explorer CElement, vulnerabilidad de uso después de liberación". • http://www.us-cert.gov/ncas/alerts/TA13-071A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-021 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16526 • CWE-399: Resource Management Errors •

CVSS: 7.2EPSS: 0%CPEs: 16EXPL: 0

The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1286 and CVE-2013-1287. Los controladores USB de modo kernel en Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, y R2 SP1, Windows 7 Gold y SP1, Windows 8, y Windows Server 2012 no gestionan apropiadamente los objetos en memoria, lo que permite a atacantes físicamente próximos ejecutar código arbitrario mediante la conexión de un dispositivo USB manipulado, también conocido como "Windows USB Descriptor Vulnerability", una vulnerabilidad diferente de CVE-2013-1286 y CVE-2013-1287. • http://www.us-cert.gov/ncas/alerts/TA13-071A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-027 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16441 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 9.3EPSS: 93%CPEs: 40EXPL: 0

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer removeChild Use After Free Vulnerability." Vulnerabilidad de uso después de liberación en Microsoft Internet Explorer 6 a la 10, permite a atacantes remotos ejecutar código arbitrario a través de un sitio web diseñado que desencadena el acceso a un objeto eliminado, también conocido como "Internet Explorer removeChild uso después de liberación". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of CHtmlComponentProperty objects. By manipulating a document's elements an attacker can force a dangling pointer to be reused after it has been freed. • http://www.us-cert.gov/ncas/alerts/TA13-071A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-021 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16634 • CWE-399: Resource Management Errors •

CVSS: 9.3EPSS: 96%CPEs: 29EXPL: 1

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1308 and CVE-2013-1309. Vulnerabilidad no especificada en Microsoft Internet Explorer 10 en Windows 8 permite a atacantes remotos ejecutar código de su elección a través de vectores desconocidos, como se mostró por VUPEN durante la competición Pwn2Own en CanSecWest 2013. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of VML data. The issue lies in the handling of an array when defined as an attribute of a subelement of a shape. • https://www.exploit-db.com/exploits/26175 http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157 http://twitter.com/VUPEN/statuses/309479075385327617 http://twitter.com/thezdi/statuses/309452625173176320 http://www.us-cert.gov/ncas/alerts/TA13-134A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-037 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16317 • CWE-416: Use After Free •