Page 38 of 715 results (0.005 seconds)

CVSS: 9.3EPSS: 91%CPEs: 32EXPL: 0

CVE-2012-1880 – Microsoft Internet Explorer insertRow Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2012-1880

Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "insertRow Remote Code Execution Vulnerability." Microsoft Internet Explorer 6 hasta 9 no maneja adecuadamente objetos en memoria, lo que permite a un atacante remoto ejecutar código de su elección mediante el acceso a un objeto borrado, también conocido como "vulnerabilidad de ejecución remota de código insertRow". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Internet Explorer handles consecutive calls to insertRow. When the number of rows reaches a certain threshold the program fails to correctly relocate certain key objects. • http://www.us-cert.gov/cas/techalerts/TA12-164A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-037 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14975 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.3EPSS: 97%CPEs: 34EXPL: 7

CVE-2012-1876 – Microsoft Internet Explorer Fixed Table Colspan Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2012-1876

Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access a nonexistent object, leading to a heap-based buffer overflow, aka "Col Element Remote Code Execution Vulnerability," as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012. Consumer Preview de Microsoft Internet Explorer versión 6 hasta la versión 9 y versión 10 , no maneja apropiadamente los objetos en la memoria, lo que permite a los atacantes remotos ejecutar código arbitrario mediante el intento de acceder a un objeto inexistente, lo que conlleva a un desbordamiento del búfer en la región Heap de la memoria, también se conoce como "Col Element Remote Code Execution Vulnerability" demostrado por VUPEN durante una competición Pwn2Own en CanSecWest 2012. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Internet Explorer handles dynamically changed colspans on a column in a table with the table-layout:fixed style. If the colspan is increased after initial creation it will result in a heap overflow. • https://www.exploit-db.com/exploits/20174 https://www.exploit-db.com/exploits/24017 https://www.exploit-db.com/exploits/34815 https://www.exploit-db.com/exploits/33944 https://www.exploit-db.com/exploits/35273 https://github.com/WizardVan/CVE-2012-1876 https://github.com/ExploitCN/CVE-2012-1876-win7_x86_and_win7x64 http://arstechnica.com/business/news/2012/03/ie-9-on-latest-windows-gets-stomped-at-hacker-contest.ars http://pwn2own.zerodayinitiative.com/status.html http: • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.6EPSS: 7%CPEs: 27EXPL: 0

CVE-2012-0168

https://notcve.org/view.php?id=CVE-2012-0168

Microsoft Internet Explorer 6 through 9 allows user-assisted remote attackers to execute arbitrary code via a crafted HTML document that is not properly handled during a "Print table of links" print operation, aka "Print Feature Remote Code Execution Vulnerability." Microsoft Internet Explorer 6 hasta la versión 9 permite a atacantes remotos asistidos por el usuario ejecutar código arbitrario a través de un documento HTML modificado que no es apropiadamente manejado durante una operación de impresión "Print table of links". También conocida como "vulnerabilidad de ejecución de código remota de la funcionalidad Print". • http://osvdb.org/81126 http://www.securitytracker.com/id?1026901 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-023 https://exchange.xforce.ibmcloud.com/vulnerabilities/74379 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15577 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.3EPSS: 94%CPEs: 2EXPL: 0

CVE-2012-0170

https://notcve.org/view.php?id=CVE-2012-0170

Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnReadyStateChange Remote Code Execution Vulnerability." Microsoft Internet Explorer 6 hasta la versión 7 no maneja apropiadamente objetos en memoria, lo que permite a atacantes remotos ejecutar código arbitrario accediendo a un objeto borrado. También conocida como "vulnerabilidad de ejecución de código remota OnReadyStateChange". • http://osvdb.org/81128 http://www.securitytracker.com/id?1026901 http://www.us-cert.gov/cas/techalerts/TA12-101A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-023 https://exchange.xforce.ibmcloud.com/vulnerabilities/74381 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15573 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.3EPSS: 95%CPEs: 27EXPL: 0

CVE-2012-0171

https://notcve.org/view.php?id=CVE-2012-0171

Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "SelectAll Remote Code Execution Vulnerability." Microsoft Internet Explorer 6 hasta la versión 9 no maneja apropiadamente objetos en memoria, lo que permite a atacantes remotos ejecutar código arbitrario accediendo a un objeto borrado. También conocida como "vulnerabilidad de ejecución de código remota SelectAll". • http://www.securitytracker.com/id?1026901 http://www.us-cert.gov/cas/techalerts/TA12-101A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-023 https://exchange.xforce.ibmcloud.com/vulnerabilities/74382 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15313 • CWE-94: Improper Control of Generation of Code ('Code Injection') •