Page 47 of 715 results (0.008 seconds)

CVSS: 9.3EPSS: 76%CPEs: 4EXPL: 0

Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability." Microsoft Internet Explorer 6 no controla correctamente los objetos en memoria, lo que permite a atacantes remotos ejecutar código de su elección mediante el acceso a un objeto que (1) no se ha iniciado correctamente o (2) se elimina, lo que lleva a la corrupción de memoria, también conocido como "Vulnerabilidad de corrupción de memoria de objetos HTML". • http://www.securitytracker.com/id?1024872 http://www.us-cert.gov/cas/techalerts/TA10-348A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12372 • CWE-908: Use of Uninitialized Resource •

CVSS: 9.3EPSS: 89%CPEs: 22EXPL: 0

Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability." Microsoft Internet Explorer 6 y 7 no controla correctamente los objetos en memoria, lo que permite a atacantes remotos ejecutar código de su elección mediante el acceso a un objeto que (1) no se ha iniciado correctamente o (2) se elimina, lo que lleva a la corrupción de memoria, también conocido como "Vulnerabilidad de daños en memoria de objetos HTML" • http://www.securitytracker.com/id?1024872 http://www.us-cert.gov/cas/techalerts/TA10-348A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12204 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 10.0EPSS: 94%CPEs: 22EXPL: 0

Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability." Microsoft Internet Explorer 6, 7 y 8 no manejan correctamente los objetos en memoria, permitiendo a atacantes remotos ejecutar código arbitrario mediante el acceso a un objeto que (1) no se ha iniciado correctamente o (2) es eliminado, lo que genera una corrupción de memoria, también conocido como "vulnerabilidad de corrupción de memoria en un elemento HTML." This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must be convinced of visiting a malicious page or opening a malicious file. The specific flaw exists within usage of a particular element that's part of the Timed Interactive Multimedia Extensions component of the browser. By removing an element referenced by a tag used for implementing an animation, the application can be made to access an element that has been previously freed. • http://www.securitytracker.com/id?1024872 http://www.us-cert.gov/cas/techalerts/TA10-348A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12322 • CWE-908: Use of Uninitialized Resource •

CVSS: 9.3EPSS: 97%CPEs: 22EXPL: 5

Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010. La vulnerabilidad de Uso de la Memoria Previamente Liberada en Microsoft Internet Explorer versiones 6, 7 y 8 permite a los atacantes remotos ejecutar código arbitrario por medio de vectores relacionados con secuencias de tokens de Hojas de Estilo en Cascada (CSS) y el atributo de clip, también se conoce como un problema "invalid flag reference" o "Uninitialized Memory Corruption Vulnerability," tal y como se explotó "in the wild" en noviembre 2010. • https://www.exploit-db.com/exploits/15418 https://www.exploit-db.com/exploits/15421 https://www.exploit-db.com/exploits/16551 http://blogs.technet.com/b/msrc/archive/2010/11/02/microsoft-releases-security-advisory-2458511.aspx http://secunia.com/advisories/42091 http://www.exploit-db.com/exploits/15418 http://www.exploit-db.com/exploits/15421 http://www.kb.cert.org/vuls/id/899748 http://www.microsoft.com/technet/security/advisory/2458511.mspx http://www.securityfocus • CWE-416: Use After Free •

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

Cross-site scripting (XSS) vulnerability in HP Operations Orchestration before 9.0, when Internet Explorer 6.0 is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS)en HP Operations Orchestration anterior v9.0, cuando usa Internet Explorer v6.0, permite a atacantes remotos inyectar código web o HTML de su elección a través de vectores no especificados. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02541822 http://osvdb.org/68906 http://secunia.com/advisories/41983 http://www.securityfocus.com/bid/44331 http://www.vupen.com/english/advisories/2010/2760 https://exchange.xforce.ibmcloud.com/vulnerabilities/62727 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •