CVSS: 4.3EPSS: 0%CPEs: 22EXPL: 0CVE-2011-1258
https://notcve.org/view.php?id=CVE-2011-1258
Microsoft Internet Explorer 6 through 8 does not properly restrict web script, which allows user-assisted remote attackers to obtain sensitive information from a different (1) domain or (2) zone via vectors involving a drag-and-drop operation, aka "Drag and Drop Information Disclosure Vulnerability." Microsoft Internet Explorer 6 hasta la 8, no restringe correctamente el script web, permitiendo a atacantes remotos asistidos por el usuario obtener información confidencial de otro (1) dominio o (2) zona a través de vectores que implican una operación de "arrastrar y soltar", también conocido como "Vulnerabilidad de revelación de información de arrastrar y soltar" • http://blogs.technet.com/b/msrc/archive/2011/06/09/june-advance-notification-service-and-10-immutable-laws-revisited.aspx https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-050 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12495 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 9.3EPSS: 30%CPEs: 22EXPL: 0CVE-2011-1254
https://notcve.org/view.php?id=CVE-2011-1254
Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Drag and Drop Memory Corruption Vulnerability." Microsoft Internet Explorer v6 a la v8 no manejan adecuadamente los objetos en memoria, lo que permite a atacantes remotos ejecutar código de su elección accediendo a un objeto que (1) no ha sido iniciado adecuadamente o (2) es borrado. • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-050 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12368 • CWE-908: Use of Uninitialized Resource •
CVSS: 9.3EPSS: 92%CPEs: 22EXPL: 1CVE-2011-1255 – Microsoft Internet Explorer - Time Element Memory Corruption (MS11-050)
https://notcve.org/view.php?id=CVE-2011-1255
The Timed Interactive Multimedia Extensions (aka HTML+TIME) implementation in Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Time Element Memory Corruption Vulnerability." La implantación de extensiones multimedia interactivas temporizadas ("Timed Interactive Multimedia Extensions" o HTML+TIME) en Microsoft Internet Explorer 6 hasta la versión 8 no maneja apropiadamente los objetos en memoria, lo que permite a atacantes remotos ejecutar código arbitraio accediendo a un objeto que (1) no ha sido apropiadamente inicializado o (2) ha sido borrado. También conocido como "Vulnerabilidad de corrupción de memoria de elemento Time". • https://www.exploit-db.com/exploits/20547 http://blogs.technet.com/b/srd/archive/2011/06/14/ms11-050-ie9-is-better.aspx http://osvdb.org/72947 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-050 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12227 • CWE-908: Use of Uninitialized Resource •
CVSS: 9.3EPSS: 16%CPEs: 30EXPL: 0CVE-2011-1250
https://notcve.org/view.php?id=CVE-2011-1250
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Link Properties Handling Memory Corruption Vulnerability." Microsoft Internet Explorer 6 hasta la versión 9 no maneja apropiadamente los objetos en memoria, lo que permite a atacantes remotos ejecutar código arbitrario accediendo a un objeto que (1) no ha sido apropiadamente inicializado o (2) ha sido borrado. También conocido como "vulnerabilidad de corrupción de memoria en el manejo de propiedades Link". • http://www.nsfocus.com/en/advisories/1101.html http://www.securityfocus.com/archive/1/518445/100/0/threaded https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-050 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12708 • CWE-908: Use of Uninitialized Resource •
CVSS: 9.3EPSS: 88%CPEs: 22EXPL: 0CVE-2011-1256 – Microsoft Internet Explorer DOM Modification Race Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-1256
Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "DOM Modification Memory Corruption Vulnerability." Microsoft Internet Explorer v6 hasta v8 no maneja adecuadamente objetos en memoria, lo que permite a atacantes remotos ejecutar código accediendo a un objeto que (1) no fue correctamente inicializado o (2) es borrado, también conocido como "DOM Modification Memory Corruption Vulnerability." This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application handles multiple javascript modifications to the document. In certain instances the application will free an object due to a modification and then later access it again when attempting to destroy it. • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-050 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12716 • CWE-908: Use of Uninitialized Resource •