CVSS: 9.3EPSS: 88%CPEs: 30EXPL: 0CVE-2011-1261 – Microsoft Internet Explorer selection.empty Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-1261
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Selection Object Memory Corruption Vulnerability." Microsoft Internet Explorer v6 a la v9 no manejan adecuadamente los objetos en memoria, lo que permite a atacantes remotos ejecutar código de su elección accediendo a un objeto que (1) no ha sido iniciado adecuadamente o (2) es borrado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Internet explorer handles the javascript statement 'selection.empty' during certain onclick events. By causing a particular sequence of events, an attacker can cause a CDisplayObject to be freed while it is still in use. • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-050 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12755 • CWE-908: Use of Uninitialized Resource •
CVSS: 9.3EPSS: 88%CPEs: 22EXPL: 0CVE-2011-1256 – Microsoft Internet Explorer DOM Modification Race Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-1256
Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "DOM Modification Memory Corruption Vulnerability." Microsoft Internet Explorer v6 hasta v8 no maneja adecuadamente objetos en memoria, lo que permite a atacantes remotos ejecutar código accediendo a un objeto que (1) no fue correctamente inicializado o (2) es borrado, también conocido como "DOM Modification Memory Corruption Vulnerability." This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application handles multiple javascript modifications to the document. In certain instances the application will free an object due to a modification and then later access it again when attempting to destroy it. • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-050 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12716 • CWE-908: Use of Uninitialized Resource •
CVSS: 9.3EPSS: 88%CPEs: 23EXPL: 0CVE-2011-1266 – Microsoft Internet Explorer vgx.dll imagedata Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-1266
The Vector Markup Language (VML) implementation in vgx.dll in Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "VML Memory Corruption Vulnerability." La implementación Vector Markup Language (VML) en vgx.dll en Microsoft Internet Explorer 6 hasta la 8, no maneja adecuadamente los objetos en memoria, permitiendo a atacantes remotos ejecutar código arbitrario accediento a un objeto que (1) no se ha inicializado correctamente o (2) es eliminado, también conocido como "Vulnerabiliad de Corrupción de memoria VML." This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within vgx.dll while parsing VML objects from the DOM. Specifically, the faulty code exists while handling imagedata parameters during page deconstruction. • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-052 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12593 • CWE-908: Use of Uninitialized Resource •
CVSS: 9.3EPSS: 88%CPEs: 26EXPL: 0CVE-2011-1262 – Microsoft Internet Explorer HTTP 302 Redirect Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-1262
Microsoft Internet Explorer 7 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "HTTP Redirect Memory Corruption Vulnerability." Microsoft Internet Explorer 7 hasta la versión 9 no maneja apropiadamente los objetos en memoria, lo que permite a atacantes remotos ejecutar código de su elección accediendo a un objeto que (1) no ha sido apropiadamente inicializado o (2) ha sido borrado, también conocido como "vulnerabilidad de corrupción de memoria HTTP". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Internet Explorer handles HTTP 302 redirects to CDL protocols. When Internet Explorer tries to determine who is responsible for handling the protocol redirect it fails to keep a correct reference counter to a Transaction object which results in a use-after-free vulnerability. • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-050 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12405 • CWE-908: Use of Uninitialized Resource •
CVSS: 9.3EPSS: 97%CPEs: 26EXPL: 1CVE-2011-1260 – Microsoft Internet Explorer layout-grid-char style Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-1260
Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Layout Memory Corruption Vulnerability." Microsoft Internet Explorer 8 y 9 no maneja adecuadamente los objetos en memoria, lo qeu permite a atacantes remotos ejecutar código de su elección accediendo a un objeto que (1) no haya sido iniciado adecuadamente o (2) sea eleiminado. También se conoce como "Vulnerabilidad de Diseño de Corrupción de Memoria" This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Internet Explorer handles unusual values for the layout-grid-char style property. Specific values may result in the destruction of a tree node that is still in use during the rendering of the HTML page. • https://www.exploit-db.com/exploits/17409 http://securityreason.com/securityalert/8275 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-050 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12308 http://d0cs4vage.blogspot.com/2011/06/insecticides-dont-kill-bugs-patch.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •