CVSS: 9.3EPSS: 86%CPEs: 4EXPL: 0CVE-2012-2522
https://notcve.org/view.php?id=CVE-2012-2522
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a malformed virtual function table after this table's deletion, aka "Virtual Function Table Corruption Remote Code Execution Vulnerability." Microsoft Internet Explorer v6 y v9 no trata correctamente los objetos en memoria, lo que permite a atacantes remotos ejecutar código arbitrario mediante el acceso a una función de tabla virtual malformada después de la eliminación de la tabla. • http://www.us-cert.gov/cas/techalerts/TA12-227A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-052 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15498 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 91%CPEs: 2EXPL: 0CVE-2012-1526
https://notcve.org/view.php?id=CVE-2012-1526
Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not initialized or (2) is deleted, aka "Layout Memory Corruption Vulnerability." Microsoft Internet Explorer v6 y v7 no trata correctamente los objetos en memoria, lo que permite a atacantes remotos ejecutar código de su elección mediante el acceso a un objeto que (1) no se ha inicializado o (2) se elimina. Se trata de un problema también conocido como "Vulnerabilidad de corrupción de la capa de memoria". • http://www.us-cert.gov/cas/techalerts/TA12-227A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-052 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15240 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 86%CPEs: 4EXPL: 0CVE-2012-2521
https://notcve.org/view.php?id=CVE-2012-2521
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Asynchronous NULL Object Access Remote Code Execution Vulnerability." Microsoft Internet Explorer 6 hasta 9 no maneja adecuadamente objetos en memoria, lo que permite a atacantes remotos ejecutar código de su elección accediendo a un objeto borrado, también conocido como "Asynchronous NULL Object Access Remote Code Execution Vulnerability." • http://www.us-cert.gov/cas/techalerts/TA12-227A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-052 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15742 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 91%CPEs: 40EXPL: 0CVE-2012-1878 – Microsoft Internet Explorer OnBeforeDeactivate Event Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-1878
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnBeforeDeactivate Event Remote Code Execution Vulnerability." Microsoft Internet Explorer v6 hasta v9 no gestionan de forma correcta objetos en memoria, lo que permite a atacantes remotos ejecutar código accediendo a un objeto eliminado, también conocido como "OnBeforeDeactivate Event Remote Code Execution Vulnerability." This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Internet Explorer handles the onbeforedeactivate callback function for certain elements. During the execution of the onbeforedeactivate callback function it is possible to alter the DOM tree of the page which can lead to a use-after-free vulnerability when the function returns. • http://www.us-cert.gov/cas/techalerts/TA12-164A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-037 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15632 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.3EPSS: 0%CPEs: 18EXPL: 0CVE-2012-1872
https://notcve.org/view.php?id=CVE-2012-1872
Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6 through 9 allows remote attackers to inject arbitrary web script or HTML via crafted character sequences with EUC-JP encoding, aka "EUC-JP Character Encoding Vulnerability." Vulnerabilidad de ejecución de ejecución de comandos en sitios cruzados (XSS) en Microsoft Internet Explorer v6 hasta v9 que permite a atacantes remotos inyectar código web o html de su elección a través de una secuencia de caracteres manipulados con la codificación EUC-JP, también conocida como "vulnerabilidad de codificación de carácter EUC-JP". • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-037 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15629 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •