CVE-2013-3142 – Microsoft Internet Explorer CEventObj Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-3142
Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3112, CVE-2013-3113, CVE-2013-3121, and CVE-2013-3139. Microsoft Internet Explorer 6 hasta 10, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web malicioso, también conocido como "Vulnerabilidad de corrupción de memoria en Internet Explorer", una vulnerabilidad diferente a CVE-2013-3112, CVE-2013-3113, CVE-2013-3121, y CVE-2013-3139. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of CEventObj objects. By manipulating a document's elements an attacker can force a dangling pointer to be reused after it has been freed. • http://www.us-cert.gov/ncas/alerts/TA13-168A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-047 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16704 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2013-1308 – Microsoft Internet Explorer TransNavContext Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-1308
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1309 and CVE-2013-2551. Vulnerabilidad de tipo "usar después de liberar" en Microsoft Internet Explorer v6 hasta v10 permite a atacantes remotos ejecutar código de su elección mediante un sitio web malintencionado que genera el acceso a un objeto eliminado, también conocido como "Vulnerabilidad de usar después de liberar en Internet Explorer", una vulnerabilidad diferente a CVE-2013-1309 y CVE-2013-2551. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of TransNavContext objects. The issue lies in focusing on an element, reloading the page, then manipulating the DOM while focus still resides with the element. • http://www.us-cert.gov/ncas/alerts/TA13-134A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-037 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16415 • CWE-416: Use After Free •
CVE-2013-1310
https://notcve.org/view.php?id=CVE-2013-1310
Use-after-free vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability." Vulnerabilidad de tipo "usar después de liberar" en Microsoft Internet Explorer v6 y v7 permite a atacantes remotos ejecutar código de su elección mediante un sitio web malintencionado que lanza el acceso a un objeto eliminado, también conocido como "Vulnerabilidad de usar después de liberar en Internet Explorer" • http://www.us-cert.gov/ncas/alerts/TA13-134A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-037 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16689 • CWE-416: Use After Free •
CVE-2013-1309 – Microsoft Internet Explorer CDispNode Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-1309
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1308 and CVE-2013-2551. Vulnerabilidad de tipo "usar después de liberar" en Microsoft Internet Explorer v6 hasta v10 permite a atacantes remotos ejecutar código de su elección mediante un sitio web malintencionado que lanza el acceso a un objeto eliminado, también conocido como "Vulnerabilidad de usar después de liberar en Internet Explorer", una vulnerabilidad diferente a CVE-2013-1308 y CVE-2013-2551. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within styles being applied to elements on the DOM causing a negatively positioned CDispNode to be freed. The process can be later forced to reuse this object resulting in a use-after-free condition. • https://www.exploit-db.com/exploits/40893 http://blog.skylined.nl/20161207001.html http://packetstormsecurity.com/files/140094/Microsoft-Internet-Explorer-MSHTML-CDispNode-InsertSiblingNode-Use-After-Free.html http://www.us-cert.gov/ncas/alerts/TA13-134A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-037 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16396 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef • CWE-416: Use After Free •
CVE-2013-1297
https://notcve.org/view.php?id=CVE-2013-1297
Microsoft Internet Explorer 6 through 8 does not properly restrict data access by VBScript, which allows remote attackers to perform cross-domain reading of JSON files via a crafted web site, aka "JSON Array Information Disclosure Vulnerability." Microsoft Internet Explorer v6 hasta v8 no retringe correctamente el acceso de datos por VBScript, lo que permite a atacantes remotos llevar a cabo lectura de dominios cruzados ("cross-domain") de ficheros JSON mediante un sitio web especialmente diseñado, también conocido como "Vulnerabilidad de revelación de información de un array JSON" • http://www.us-cert.gov/ncas/alerts/TA13-134A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-037 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16518 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •