CVSS: 5.8EPSS: 1%CPEs: 30EXPL: 0CVE-2012-1545
https://notcve.org/view.php?id=CVE-2012-1545
Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to bypass Protected Mode or cause a denial of service (memory corruption) by leveraging access to a Low integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012. Microsoft Internet Explorer v6 a v9, y v10 Consumer Preview, permite a atacantes remotos eludir el modo protegido o causar una denegación de servicio (por corrupción de memoria), aprovechando el acceso a un proceso de baja integridad, como lo demostró VUPEN durante una competencia Pwn2Own en CanSecWest 2012 • http://arstechnica.com/business/news/2012/03/ie-9-on-latest-windows-gets-stomped-at-hacker-contest.ars http://pwn2own.zerodayinitiative.com/status.html http://twitter.com/vupen/statuses/177895844828291073 http://www.zdnet.com/blog/security/pwn2own-2012-ie-9-hacked-with-two-0day-vulnerabilities/10621 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 1%CPEs: 27EXPL: 0CVE-2012-0010
https://notcve.org/view.php?id=CVE-2012-0010
Microsoft Internet Explorer 6 through 9 does not properly perform copy-and-paste operations, which allows user-assisted remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Copy and Paste Information Disclosure Vulnerability." Microsoft Internet Explorer v6 hasta v9, no realiza adecuadamente las operaciones copiar y pegar, lo que permite a atacantes remotos asistidos por el usuario leer el contenido de un diferente (1) dominio o (2) zona a través de un sitio web modificado, también conocido como "Copy and Paste Information Disclosure Vulnerability." • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-010 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14835 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 1%CPEs: 27EXPL: 0CVE-2011-3404
https://notcve.org/view.php?id=CVE-2011-3404
Microsoft Internet Explorer 6 through 9 does not properly use the Content-Disposition HTTP header to control rendering of the HTTP response body, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Content-Disposition Information Disclosure Vulnerability." Microsoft Internet Explorer 6 hasta la versión 9 no utiliza apropiadamente la cabecera HTTP Content-Disposition para controlar la representación gráfica del cuerpo de la respuesta HTTP, lo que permite a atacantes remotos leer contenido de un (1) dominio o (2) zona distinta a través de un página web modificada. También conocida como "Vulnerabilidad de revelación de información Content-Disposition". • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-099 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14614 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 101EXPL: 1CVE-2002-2435
https://notcve.org/view.php?id=CVE-2002-2435
The Cascading Style Sheets (CSS) implementation in Microsoft Internet Explorer 8.0 and earlier does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264. La implementación de las Hojas de Estilo en Cascada (CSS) en Microsoft Internet Explorer, no controla correctamente el :visited pseudo-class, lo que permite a atacantes remotos obtener información sensible acerca de las páginas web visitadas a través de un documento HTML manipulado. Relacionado con CVE-2010-2264. • http://bugzilla.mozilla.org/show_bug.cgi?id=147777 http://w2spconf.com/2010/papers/p26.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/71817 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 1CVE-2011-4689
https://notcve.org/view.php?id=CVE-2011-4689
Microsoft Internet Explorer 6 through 9 does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code. Microsoft Internet Explorer v6 hasta v9, no impide la captura de datos sobre los tiempos de violación de "Same Origin Policy" durante los intentos de carga de IFRAME, lo que facilita a los atacantes remotos determinar si existe un documento en la caché del navegador a través de código JavaScript manipulado. • http://lcamtuf.coredump.cx/cachetime http://secunia.com/advisories/47129 • CWE-264: Permissions, Privileges, and Access Controls •