CVSS: 4.3EPSS: 93%CPEs: 49EXPL: 1CVE-2010-0255
https://notcve.org/view.php?id=CVE-2010-0255
Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and read arbitrary files via vectors involving JavaScript exploit code that constructs a reference to a file://127.0.0.1 URL, aka the dynamic OBJECT tag vulnerability, as demonstrated by obtaining the data from an index.dat file, a variant of CVE-2009-1140 and related to CVE-2008-1448. Microsoft Internet Explorer v5.01 SP4, v6, vv6 SP1, v7, y v8 no previene el renderizado de ficheros locales no HTML como documentos HTML, lo que permite a atacantes remotos superar las restricciones de acceso establecidas y leer ficheros a su elección a través de vectores que incluyen codigo explotable JavaScript que constituye una referencia en un fichero URL file://127.0.0.1, también conocido como vulnerabilidad de etiqueta OBJETC dinámica, como queda demostrado en los datos obtenidos de un fichero index.dat, una variante de CVE-2009-1140 y relacionada con CVE-2008-1448. • http://blogs.technet.com/msrc/archive/2010/02/03/security-advisory-980088-released.aspx http://isc.sans.org/diary.html?n&storyid=8152 http://osvdb.org/62156 http://support.avaya.com/css/P8/documents/100089747 http://www.coresecurity.com/content/internet-explorer-dynamic-object-tag http://www.microsoft.com/technet/security/advisory/980088.mspx http://www.securityfocus.com/archive/1/509345/100/0/threaded http://www.securityfocus.com/bid/38055 http://www.securityfocus.com/bid/3805 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 95%CPEs: 46EXPL: 1CVE-2010-0027 – Microsoft Windows ShellExecute Improper Sanitization Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0027
The URL validation functionality in Microsoft Internet Explorer 5.01, 6, 6 SP1, 7 and 8, and the ShellExecute API function in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, does not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a crafted URL, aka "URL Validation Vulnerability." La funcionalidad de validación de URL en Microsoft Internet Explorer versiones 5.01, 6, 6 SP1, 7 y 8, y la función de la API ShellExecute en Windows 2000 SP4, XP SP2 y SP3, y Server 2003 SP2, no procesa apropiadamente los parámetros de entrada, lo que permite a los atacantes remotos ejecutar programas locales arbitrarios por medio de una URL creada, también conocida como "URL Validation Vulnerability". This vulnerability allows remote attackers to force a Microsoft Windows system to execute a given local executable. User interaction is required in that the target must access a malicious URL. The specific flaw exists within the ShellExecute API. Using a specially formatted URL an attacker can bypass sanitization checks within this function and force the calling application into running an executable of their choice. • https://www.exploit-db.com/exploits/33552 http://www.securityfocus.com/archive/1/509470/100/0/threaded http://www.us-cert.gov/cas/techalerts/TA10-040A.html http://www.zerodayinitiative.com/advisories/ZDI-10-016 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-002 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-007 https://exchange.xforce.ibmcloud.com/vulnerabilities/55773 https://oval.cisecurity.org/repository/search/definition/oval% • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 93%CPEs: 25EXPL: 0CVE-2010-0247
https://notcve.org/view.php?id=CVE-2010-0247
Microsoft Internet Explorer 5.01 SP4, 6, and 6 SP1 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." Microsoft Internet Explorer 5.01 SP4, 6 y 6 SP1 no maneja de manera apropiada los objetos en memoria lo que permite a atacantes remotos ejecutar código de su elección accediendo a un objeto que (1) no fue correctamente iniciado o (2) es borrado, lo que conduce a una corrupción de memoria, también conocida como "Vulnerabilidad de Corrupción de Memoria no Iniciada". • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-002 https://exchange.xforce.ibmcloud.com/vulnerabilities/55777 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8506 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 95%CPEs: 33EXPL: 5CVE-2010-0249 – MS10-002 Microsoft Internet Explorer "Aurora" Memory Corruption
https://notcve.org/view.php?id=CVE-2010-0249
Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object, related to incorrectly initialized memory and improper handling of objects in memory, as exploited in the wild in December 2009 and January 2010 during Operation Aurora, aka "HTML Object Memory Corruption Vulnerability." Vulnerabilidad de uso después de liberación en Microsoft Internet Explorer 6, 6 SP1, 7 y 8 en Windows 2000 SP4; Windows XP SP2 y SP3; Windows Server 2003 SP2; Windows Vista Gold SP1 y SP2; Windows Server 2008 Gold, SP2 y R2; y Windows 7; permite a atacantes remotos ejecutar código de su elección accediendo a un puntero asociado a un objeto eliminado, como se ha explotado activamente en Enero 2010. • https://www.exploit-db.com/exploits/16599 https://www.exploit-db.com/exploits/11167 http://blogs.technet.com/msrc/archive/2010/01/14/security-advisory-979352.aspx http://news.cnet.com/8301-27080_3-10435232-245.html http://osvdb.org/61697 http://securitytracker.com/id?1023462 http://support.microsoft.com/kb/979352 http://www.exploit-db.com/exploits/11167 http://www.kb.cert.org/vuls/id/492515 http://www.microsoft.com/technet/security/advisory/979352.mspx http:/ • CWE-416: Use After Free •
CVSS: 9.3EPSS: 81%CPEs: 37EXPL: 0CVE-2009-3671 – Microsoft Internet Explorer XHTML DOM Manipulation Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2009-3671
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3674. Microsoft Internet Explorer no maneja adecuadamente objetos en memoria, lo que permite a atacantes remotos ejecutar código de su elección accediendo a un objeto que (1) no fue inicializado adecuadamente o (2) es borrado, provocando una corrupción de memoria, conocido como "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3674. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required in that a user must visit a malicious web page. The specific flaw exists in the manipulation and parsing of certain HTML tags. The ordering of various objects in a malformed way results in memory corruption resulting in a call to a dangling pointer which can be further leveraged via a heap spray. • http://www.securitytracker.com/id?1023293 http://www.us-cert.gov/cas/techalerts/TA09-342A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-072 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6382 • CWE-399: Resource Management Errors •