CVSS: 9.3EPSS: 86%CPEs: 40EXPL: 0CVE-2011-0036
https://notcve.org/view.php?id=CVE-2011-0036
Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, related to a "dangling pointer," aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2010-2556 and CVE-2011-0035. Microsoft Internet Explorer 6, 7 y 8 no controlan correctamente los objetos en la memoria, lo que permite a atacantes remotos ejecutar código arbitrario mediante el acceso a un objeto que (1) no se ha inicializado correctamente o (2) se ha eliminado, lo que provoca que la memoria se corrompa. Esta vulnerabilidad está relacionada con un "dangling pointer" o "Uninitialized Memory Corruption Vulnerability", que es una vulnerabilidad diferente de CVE-2010-2556 y CVE-2011-0035. • http://osvdb.org/70832 http://support.avaya.com/css/P8/documents/100127294 http://www.securityfocus.com/bid/46158 http://www.securitytracker.com/id?1025038 http://www.vupen.com/english/advisories/2011/0318 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-003 https://exchange.xforce.ibmcloud.com/vulnerabilities/64912 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12261 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 56%CPEs: 40EXPL: 0CVE-2011-0346
https://notcve.org/view.php?id=CVE-2011-0346
Use-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the DOM implementation and the BreakAASpecial and BreakCircularMemoryReferences functions, as demonstrated by cross_fuzz, aka "MSHTML Memory Corruption Vulnerability." Vulnerabilidad de Uso de la Memoria Previamente Liberada en la función ReleaseInterface de la biblioteca MSHTML.dll en Microsoft Internet Explorer versiones 6, 7 y 8 permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (bloqueo de aplicación) por medio de vectores relacionados con la implementación DOM y las funciones BreakAASpecial y BreakCircularMemoryReferences, como es demostrado por cross_fuzz, también se conoce como "MSHTML Memory Corruption Vulnerabilityā€¯. • http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0698.html http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx http://lcamtuf.blogspot.com/2011/01/announcing-crossfuzz-potential-0-day-in.html http://lcamtuf.coredump.cx/cross_fuzz/fuzzer_timeline.txt http://lcamtuf.coredump.cx/cross_fuzz/known_vuln.txt http://lcamtuf.coredump.cx/cross_fuzz/msie_crash.txt http://www.kb.cert.org/vuls/id/427980 h • CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 1%CPEs: 14EXPL: 0CVE-2010-3342
https://notcve.org/view.php?id=CVE-2010-3342
Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of cached content as HTML, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Cross-Domain Information Disclosure Vulnerability," a different vulnerability than CVE-2010-3348. Microsoft Internet Explorer 6, 7 y 8 no previene el renderizado del contenido cacheado como HTML, lo que permite a atacantes remotos acceder al contenido a través de un (1)dominio distinto o (2) zona diferente a través de una secuencia de comandos no especificada. También conocida como "Cross-Domain Information Disclosure Vulnerability". Vulnerabilidad distinta de CVE-2010-3348. • http://www.securitytracker.com/id?1024872 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11447 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 1%CPEs: 22EXPL: 0CVE-2010-3348
https://notcve.org/view.php?id=CVE-2010-3348
Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of cached content as HTML, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Cross-Domain Information Disclosure Vulnerability," a different vulnerability than CVE-2010-3342. Microsoft Internet Explorer 6, 7 y 8 no previene el renderizado del contenido cacheado como HTML, lo que permite a atacantes remotos acceder al contenido a través de un (1)dominio distinto o (2) zona diferente a través de una secuencia de comandos no especificada. También conocida como "Cross-Domain Information Disclosure Vulnerability". Vulnerabilidad distinta de CVE-2010-3342. • http://www.securitytracker.com/id?1024872 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12055 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 91%CPEs: 22EXPL: 0CVE-2010-3340
https://notcve.org/view.php?id=CVE-2010-3340
Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability." Microsoft Internet Explorer 6 y 7 no controla correctamente los objetos en memoria, lo que permite a atacantes remotos ejecutar código de su elección mediante el acceso a un objeto que (1) no se ha iniciado correctamente o (2) se elimina, lo que lleva a la corrupción de memoria, también conocido como "Vulnerabilidad de daños en memoria de objetos HTML" • http://www.securitytracker.com/id?1024872 http://www.us-cert.gov/cas/techalerts/TA10-348A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12204 • CWE-94: Improper Control of Generation of Code ('Code Injection') •