CVSS: 4.3EPSS: 0%CPEs: 18EXPL: 0CVE-2012-1872
https://notcve.org/view.php?id=CVE-2012-1872
Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6 through 9 allows remote attackers to inject arbitrary web script or HTML via crafted character sequences with EUC-JP encoding, aka "EUC-JP Character Encoding Vulnerability." Vulnerabilidad de ejecución de ejecución de comandos en sitios cruzados (XSS) en Microsoft Internet Explorer v6 hasta v9 que permite a atacantes remotos inyectar código web o html de su elección a través de una secuencia de caracteres manipulados con la codificación EUC-JP, también conocida como "vulnerabilidad de codificación de carácter EUC-JP". • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-037 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15629 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 91%CPEs: 32EXPL: 0CVE-2012-1880 – Microsoft Internet Explorer insertRow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-1880
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "insertRow Remote Code Execution Vulnerability." Microsoft Internet Explorer 6 hasta 9 no maneja adecuadamente objetos en memoria, lo que permite a un atacante remoto ejecutar código de su elección mediante el acceso a un objeto borrado, también conocido como "vulnerabilidad de ejecución remota de código insertRow". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Internet Explorer handles consecutive calls to insertRow. When the number of rows reaches a certain threshold the program fails to correctly relocate certain key objects. • http://www.us-cert.gov/cas/techalerts/TA12-164A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-037 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14975 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 91%CPEs: 40EXPL: 0CVE-2012-1877 – Microsoft Internet Explorer Title Element Change Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-1877
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Title Element Change Remote Code Execution Vulnerability." Microsoft Internet Explorer 6 hasta 9 no maneja adecuadamente objetos en memoria, lo que permite a atacantes remotos ejecutar código de su elección mediante el acceso a un objeto borrado, también conocido como "vulnerabilidad de ejecución remota de código de cambio de título de elemento". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the 'onpropertychange' user callback function for the document.title. If the function changes the document in the callback function by using, for example, a document.write call, this can result in a use-after-free vulnerability. • http://www.us-cert.gov/cas/techalerts/TA12-164A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-037 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15472 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.3EPSS: 0%CPEs: 32EXPL: 0CVE-2012-1882
https://notcve.org/view.php?id=CVE-2012-1882
Microsoft Internet Explorer 6 through 9 does not block cross-domain scrolling events, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Scrolling Events Information Disclosure Vulnerability." Microsoft Internet Explorer 6 hasta 9 no bloquea eventos de desplazamiento de dominios cruzados, los cuales permiten a atacantes remotos leer contenido desde (1) un dominio o (2) zona a través de un sitio web manipulado, conocido también como "vulnerabilidad de publicación de información de eventos de desplazamiento" • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-037 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15367 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 91%CPEs: 32EXPL: 0CVE-2012-1879 – Microsoft Internet Explorer insertAdjacentText Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-1879
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access an undefined memory location, aka "insertAdjacentText Remote Code Execution Vulnerability." Microsoft Internet Explorer v6 hasta v9 no gestionan de forma correcta objetos en memoria, lo que permite a atacantes remotos ejecutar código intentado acceder a una posición de memoria no definida, también conocida como "OnRowsInserted Event Remote Code Execution Vulnerability." This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Internet Explorer handles repeated calls to insertAdjacentText. When the size of the element reaches a certain threshold Internet Explorer fails to correctly relocate key elements. • http://www.us-cert.gov/cas/techalerts/TA12-164A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-037 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15588 • CWE-94: Improper Control of Generation of Code ('Code Injection') •