CVSS: 4.3 • EPSS: 1% • CPEs: 97 • EXPL: 0

Microsoft Internet Explorer 8 and earlier, and Internet Explorer 9 beta, does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing a file: URL, as demonstrated by a Facebook game, related to a "cookiejacking" issue.

• http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=1388
• http://ju12.tistory.com/attachment/cfile4.uf%40151FAB4C4DDC9E0002A6FE.ppt
• http://news.cnet.com/8301-1009_3-20066419-83.html
• http://www.eweek.com/c/a/Security/IE-Flaw-Lets-Attackers-Steal-Cookies-Access-User-Accounts-402503
• http://www.informationweek.com/news/security/vulnerabilities/229700031
• http://www.networkworld.com/community/node/74259
• http://www.theregister.co.uk/2011/05/25/microsoft_internet_explorer_cookiejacking
• http://www.
• CWE-20: Improper Input Validation

CVSS: 5.8 • EPSS: 0% • CPEs: 22 • EXPL: 0

Microsoft Internet Explorer 6, 7, and 8 does not enforce intended domain restrictions on content access, which allows remote attackers to obtain sensitive information or conduct clickjacking attacks via a crafted web site, aka "Frame Tag Information Disclosure Vulnerability."

• http://osvdb.org/71777
• http://www.securityfocus.com/bid/47191
• http://www.securitytracker.com/id?1025327
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-018
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11926
• CWE-1021: Improper Restriction of Rendered UI Layers or Frames

CVSS: 4.3 • EPSS: 58% • CPEs: 22 • EXPL: 0

Microsoft Internet Explorer 6 and 7 does not properly restrict script access to content from a (1) different domain or (2) different zone, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Javascript Information Disclosure Vulnerability."

• http://www.securityfocus.com/bid/47192
• http://www.securitytracker.com/id?1025327
• http://www.us-cert.gov/cas/techalerts/TA11-102A.html
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-018
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12385
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 9.3 • EPSS: 95% • CPEs: 22 • EXPL: 0

Use-after-free vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Layouts Handling Memory Corruption Vulnerability."

• http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=900
• http://www.securitytracker.com/id?1025327
• http://www.us-cert.gov/cas/techalerts/TA11-102A.html
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-018
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12463
• CWE-399: Resource Management Errors

CVSS: 9.3 • EPSS: 86% • CPEs: 40 • EXPL: 0

Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2010-2556 and CVE-2011-0036.

• http://osvdb.org/70831
• http://support.avaya.com/css/P8/documents/100127294
• http://www.securityfocus.com/bid/46157
• http://www.securitytracker.com/id?1025038
• http://www.vupen.com/english/advisories/2011/0318
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-003
• https://exchange.xforce.ibmcloud.com/vulnerabilities/64911
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12371
• CWE-94: Improper Control of Generation of Code ('Code Injection')