CVSS: 9.3EPSS: 43%CPEs: 23EXPL: 0CVE-2010-0487
https://notcve.org/view.php?id=CVE-2010-0487
14 Apr 2010 — The Authenticode Signature verification functionality in cabview.dll in Cabinet File Viewer Shell Extension 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows remote attackers to execute arbitrary code via a modified cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka "Cabview ... • http://www.us-cert.gov/cas/techalerts/TA10-103A.html • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 61%CPEs: 6EXPL: 0CVE-2010-0268 – Microsoft Windows Media Player Codec Retrieval Dangling Pointer Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0268
13 Apr 2010 — Unspecified vulnerability in the Windows Media Player ActiveX control in Windows Media Player (WMP) 9 on Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows remote attackers to execute arbitrary code via crafted media content, aka "Media Player Remote Code Execution Vulnerability." Vulnerabilidad no especificada en el control ActiveX de Windows Media Player (WMP) 9 en Microsoft Windows 2000 SP4 y XP SP2 y SP3 permite a atacantes remotos ejecutar código de su elección a través de contenido media manipulada,... • http://www.us-cert.gov/cas/techalerts/TA10-103A.html •
CVSS: 9.3EPSS: 63%CPEs: 26EXPL: 0CVE-2010-0267
https://notcve.org/view.php?id=CVE-2010-0267
31 Mar 2010 — Microsoft Internet Explorer 6, 6 SP1, and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." Microsoft Internet Explorer 6, 6 SP1 y 7 no maneja adecuadamente objetos en memoria, lo que permite a atacantes remotos ejecutar código de su elección mediante el acceso a un objeto que (1) no fue iniciado... • http://securitytracker.com/id?1023773 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 9%CPEs: 27EXPL: 0CVE-2010-0488
https://notcve.org/view.php?id=CVE-2010-0488
31 Mar 2010 — Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 does not properly handle unspecified "encoding strings," which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site, aka "Post Encoding Information Disclosure Vulnerability." Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1 y 7 no maneja adecuadamente "cadenas de codificación" (encoding strings) no especificadas, lo que permite a atacantes remotos eludir la Política del Mismo Origen (Same Origin P... • http://jvn.jp/en/jp/JVN49467403/index.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.3EPSS: 32%CPEs: 27EXPL: 0CVE-2010-0489
https://notcve.org/view.php?id=CVE-2010-0489
31 Mar 2010 — Race condition in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Race Condition Memory Corruption Vulnerability." Condición de carrera en Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1 y 7 permite a atacantes remotos ejecutar código de su elección mediante un documento HTML manipulado que dispara una corrupción de memoria, también conocido como "Race Condition Memory Corruption Vulnerab... • http://securitytracker.com/id?1023773 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.3EPSS: 59%CPEs: 9EXPL: 0CVE-2010-0491
https://notcve.org/view.php?id=CVE-2010-0491
31 Mar 2010 — Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 6 SP1 allows remote attackers to execute arbitrary code by changing unspecified properties of an HTML object that has an onreadystatechange event handler, aka "HTML Object Memory Corruption Vulnerability." Vulnerabilidad de uso despues de liberación en Microsoft Internet Explorer 5.01 SP4, 6 y 6 SP1, permite a atacantes remotos ejecutar código de su elección cambiando propiedades no especificadas de un objeto HTML que tiene un gest... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=864 • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 89%CPEs: 6EXPL: 2CVE-2010-0805 – Microsoft Internet Explorer Tabular Data Control ActiveX Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0805
31 Mar 2010 — The Tabular Data Control (TDC) ActiveX control in Microsoft Internet Explorer 5.01 SP4, 6 on Windows XP SP2 and SP3, and 6 SP1 allows remote attackers to execute arbitrary code via a long URL (DataURL parameter) that triggers memory corruption in the CTDCCtl::SecurityCHeckDataURL function, aka "Memory Corruption Vulnerability." El control ActiveX de Tabular Data Control (TDC) en Internet Explorer de Microsoft versiones 5.01 SP4, 6 sobre Windows XP SP2 y SP3, y versión 6 SP1, permite a los atacantes remotos ... • https://www.exploit-db.com/exploits/12032 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 46%CPEs: 45EXPL: 0CVE-2010-0494
https://notcve.org/view.php?id=CVE-2010-0494
31 Mar 2010 — Cross-domain vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted HTML document in a situation where the client user drags one browser window across another browser window, aka "HTML Element Cross-Domain Vulnerability." Vulnerabilidad de dominio cruzado en Microsoft Internet Explorer 6, 6 SP1, 7 y 8 permite a atacantes remotos asistidos por el usuario eludir la Polít... • http://securitytracker.com/id?1023773 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 91%CPEs: 25EXPL: 2CVE-2010-0806 – Microsoft Internet Explorer - 'iepeers.dll' Use-After-Free
https://notcve.org/view.php?id=CVE-2010-0806
10 Mar 2010 — Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka "Uninitialized Memory Corruption Vulnerability." La vulnerabilidad de Uso de la Memoria Previamente Liberada en el componente Peer Objects (también se conoce como iepeers.dll) en Microsoft Internet Explorer ver... • https://www.exploit-db.com/exploits/11683 • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 81%CPEs: 10EXPL: 6CVE-2010-0483 – Microsoft Internet Explorer - 'Winhlp32.exe' MsgBox Code Execution (MS10-023)
https://notcve.org/view.php?id=CVE-2010-0483
03 Mar 2010 — vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local pathname, (2) UNC share pathname, or (3) WebDAV server with a crafted .hlp file in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution involving winhlp32.exe when the F1 key is pressed, aka "VBScript Help Keypress Vulnerability." L... • https://www.exploit-db.com/exploits/16541 • CWE-94: Improper Control of Generation of Code ('Code Injection') •