Page 47 of 715 results (0.005 seconds)

CVSS: 9.3EPSS: 73%CPEs: 4EXPL: 0

CVE-2010-3343

https://notcve.org/view.php?id=CVE-2010-3343

Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability." Microsoft Internet Explorer 6 no controla correctamente los objetos en memoria, lo que permite a atacantes remotos ejecutar código de su elección mediante el acceso a un objeto que (1) no se ha iniciado correctamente o (2) se elimina, lo que lleva a la corrupción de memoria, también conocido como "Vulnerabilidad de corrupción de memoria de objetos HTML". • http://www.securitytracker.com/id?1024872 http://www.us-cert.gov/cas/techalerts/TA10-348A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12372 • CWE-908: Use of Uninitialized Resource •

CVSS: 9.3EPSS: 91%CPEs: 22EXPL: 0

CVE-2010-3340

https://notcve.org/view.php?id=CVE-2010-3340

Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability." Microsoft Internet Explorer 6 y 7 no controla correctamente los objetos en memoria, lo que permite a atacantes remotos ejecutar código de su elección mediante el acceso a un objeto que (1) no se ha iniciado correctamente o (2) se elimina, lo que lleva a la corrupción de memoria, también conocido como "Vulnerabilidad de daños en memoria de objetos HTML" • http://www.securitytracker.com/id?1024872 http://www.us-cert.gov/cas/techalerts/TA10-348A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12204 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 10.0EPSS: 93%CPEs: 22EXPL: 0

CVE-2010-3346 – Microsoft Internet Explorer HTML+Time Element outerText Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2010-3346

Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability." Microsoft Internet Explorer 6, 7 y 8 no manejan correctamente los objetos en memoria, permitiendo a atacantes remotos ejecutar código arbitrario mediante el acceso a un objeto que (1) no se ha iniciado correctamente o (2) es eliminado, lo que genera una corrupción de memoria, también conocido como "vulnerabilidad de corrupción de memoria en un elemento HTML." This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must be convinced of visiting a malicious page or opening a malicious file. The specific flaw exists within usage of a particular element that's part of the Timed Interactive Multimedia Extensions component of the browser. By removing an element referenced by a tag used for implementing an animation, the application can be made to access an element that has been previously freed. • http://www.securitytracker.com/id?1024872 http://www.us-cert.gov/cas/techalerts/TA10-348A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12322 • CWE-908: Use of Uninitialized Resource •

CVSS: 9.3EPSS: 97%CPEs: 22EXPL: 5

CVE-2010-3962 – Microsoft Internet Explorer - Memory Corruption

https://notcve.org/view.php?id=CVE-2010-3962

Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010. La vulnerabilidad de Uso de la Memoria Previamente Liberada en Microsoft Internet Explorer versiones 6, 7 y 8 permite a los atacantes remotos ejecutar código arbitrario por medio de vectores relacionados con secuencias de tokens de Hojas de Estilo en Cascada (CSS) y el atributo de clip, también se conoce como un problema "invalid flag reference" o "Uninitialized Memory Corruption Vulnerability," tal y como se explotó "in the wild" en noviembre 2010. • https://www.exploit-db.com/exploits/15418 https://www.exploit-db.com/exploits/15421 https://www.exploit-db.com/exploits/16551 http://blogs.technet.com/b/msrc/archive/2010/11/02/microsoft-releases-security-advisory-2458511.aspx http://secunia.com/advisories/42091 http://www.exploit-db.com/exploits/15418 http://www.exploit-db.com/exploits/15421 http://www.kb.cert.org/vuls/id/899748 http://www.microsoft.com/technet/security/advisory/2458511.mspx http://www.securityfocus • CWE-416: Use After Free •

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

CVE-2010-3985

https://notcve.org/view.php?id=CVE-2010-3985

Cross-site scripting (XSS) vulnerability in HP Operations Orchestration before 9.0, when Internet Explorer 6.0 is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS)en HP Operations Orchestration anterior v9.0, cuando usa Internet Explorer v6.0, permite a atacantes remotos inyectar código web o HTML de su elección a través de vectores no especificados. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02541822 http://osvdb.org/68906 http://secunia.com/advisories/41983 http://www.securityfocus.com/bid/44331 http://www.vupen.com/english/advisories/2010/2760 https://exchange.xforce.ibmcloud.com/vulnerabilities/62727 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •