CVSS: 9.3EPSS: 87%CPEs: 4EXPL: 0CVE-2013-0018 – Microsoft Internet Explorer SetCapture Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-0018
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer SetCapture Use After Free Vulnerability." Vulnerabilidad de uso después de liberación en Microsoft Internet Explorer 6 a 9 permite a atacantes remotos ejecutar código arbitrario a través de un sitio web diseñado que desencadena el acceso a un objeto eliminado, también conocido como "Internet Explorer uso después de liberación en SetCapture". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the setCapture method. By calling setCapture on a carefully structured document an attacker can force a dangling pointer to be reused after it has been freed. • http://www.us-cert.gov/cas/techalerts/TA13-043B.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-009 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16438 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 79%CPEs: 40EXPL: 0CVE-2013-0030
https://notcve.org/view.php?id=CVE-2013-0030
The Vector Markup Language (VML) implementation in Microsoft Internet Explorer 6 through 10 does not properly allocate buffers, which allows remote attackers to execute arbitrary code via a crafted web site, aka "VML Memory Corruption Vulnerability." La implementación de Vector Markup Language (VML) en Microsoft Internet Explorer 6 a 10 no se asignan correctamente buffers, lo que permite a atacantes remotos ejecutar código arbitrario a través de un sitio web hecho a mano, también conocido como "Vulnerabilidad de corrupción en la memoria VML". • http://www.us-cert.gov/cas/techalerts/TA13-043B.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-010 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16175 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 87%CPEs: 4EXPL: 0CVE-2013-0028 – Microsoft Internet Explorer CObjectElement Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-0028
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CObjectElement Use After Free Vulnerability." Vulnerabilidad de uso después de liberación en Microsoft Internet Explorer 6 hasta 9 permite atacantes remotos ejecutar código arbitrario a través de un sitio web modificado que desencadena el acceso a un objeto eliminado, también conocido como "Internet Explorer CObjectElement Use After Free Vulnerability." This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of CObjectElement objects. The issue lies in the usage of URL references when defining a CSS cursor property. • http://www.us-cert.gov/cas/techalerts/TA13-043B.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-009 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16249 • CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 17%CPEs: 4EXPL: 0CVE-2013-0015
https://notcve.org/view.php?id=CVE-2013-0015
Microsoft Internet Explorer 6 through 9 does not properly perform auto-selection of the Shift JIS encoding, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site that triggers cross-domain scrolling events, aka "Shift JIS Character Encoding Vulnerability." Microsoft Internet Explorer 6 hasta 9 no realiza correctamente la auto selección de codificación Shift JIS, lo que permite a atacantes remotos leer contenido desde (1) un dominio diferente o (2) una zona a través de un sitio web manipulado que dispara eventos de desplazamiento de dominios cruzados, también conocido como "Shift JIS Character Encoding Vulnerability." • http://www.us-cert.gov/cas/techalerts/TA13-043B.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-009 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16371 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 2.6EPSS: 0%CPEs: 6EXPL: 0CVE-2012-6502
https://notcve.org/view.php?id=CVE-2012-6502
Microsoft Internet Explorer before 10 allows remote attackers to obtain sensitive information about the existence of files, and read certain data from files, via a UNC share pathname in the SRC attribute of a SCRIPT element, as demonstrated by reading a name-value pair from a local file via a \\127.0.0.1\C$\ sequence. Microsoft Internet Explorer antes de v10, permite a atacantes remotos obtener información sensible acerca de la existencia de archivos, y leer algunos datos de los archivos, a través de una ruta de acceso compartido UNC en el atributo SRC de un elemento SCRIPT, como lo demuestra la lectura de un par nombre-valor de una archivo local a través de una secuencia \\127.0.0.1\C$\. • http://www.nsfocus.com/en/2012/advisories_1228/119.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •