CVE-2011-1996 – Internet Explorer Select Element Cache Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-1996
Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Option Element Remote Code Execution Vulnerability." Microsoft Internet Explorer v6 y v8, no tratan correctamente los objetos en la memoria, lo que permite a atacantes remotos ejecutar código de su elección accediendo a un objeto eliminado. También conocida como "vulnerabilidad de ejecución remota de código a través del elemento Option". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the caching implementation of a Select element. • https://www.exploit-db.com/exploits/24020 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-081 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12896 •
CVE-2011-1997
https://notcve.org/view.php?id=CVE-2011-1997
Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnLoad Event Remote Code Execution Vulnerability." Microsoft Internet Explorer v6 no gestiona adecuadamente los objetos en memoria, lo que permite a atacantes remotos ejecutar código de su eleccion accediendo a un objeto eliminado. También conocida como "vulnerabilidad de ejecución remota de código del evento OnLoad". • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-081 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13204 • CWE-20: Improper Input Validation •
CVE-2011-2000 – Microsoft Internet Explorer swapNode Handling Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-2000
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Body Element Remote Code Execution Vulnerability." Microsoft Internet Explorer v6 a v9 no trata correctamente los objetos en la memoria, lo que permite a atacantes remotos ejecutar código de su elección accediendo a un objeto eliminado. También conocida como "vulnerabilidad de ejecución remota de código a través del elemento Body". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Internet Explorer handles calls to the method swapNode(). • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-081 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13083 •
CVE-2011-2001 – Microsoft Internet Explorer SetExpandedClipRect Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-2001
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code via an attempted access to a virtual function table after corruption of this table has occurred, aka "Virtual Function Table Corruption Remote Code Execution Vulnerability." Microsoft Internet Explorer v6 a v9 no trata correctamente los objetos en la memoria, lo que permite a atacantes remotos ejecutar código de su elección a través de un intento de acceso a una tabla de una función virtual después de que la corrupción de esta tabla se haya producido. También conocida como "vulnerabilidad de ejecución remota de código por corrupción de la Tabla de Función Virtual". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within mshtml.dll and is a logic bug in the way it handles the 'extra size index' in certain CDispNode classes within the SetExpandedClipRect function. • http://www.securityfocus.com/bid/49966 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-081 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12223 •
CVE-2011-1962
https://notcve.org/view.php?id=CVE-2011-1962
Microsoft Internet Explorer 6 through 9 does not properly handle unspecified character sequences, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site that triggers "inactive filtering," aka "Shift JIS Character Encoding Vulnerability." Microsoft Internet Explorer 6 hasta la versión 9 no maneja apropiadamente secuencias de caracteres sin especificar, lo que permite a atacantes remotos leer contenido de un diferente (1) dominio o (2) zona a través de una web modificada que provoca un "filtrado interactivo". También conocido como "vulnerabilidad de codificación de caracteres Shift JIS". • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-057 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12657 • CWE-20: Improper Input Validation •