CVSS: 2.6EPSS: 2%CPEs: 10EXPL: 0CVE-2010-0808
https://notcve.org/view.php?id=CVE-2010-0808
Microsoft Internet Explorer 6 and 7 on Windows XP and Vista does not prevent script from simulating user interaction with the AutoComplete feature, which allows remote attackers to obtain sensitive form information via a crafted web site, aka "AutoComplete Information Disclosure Vulnerability." Microsoft Internet Explorer 6 y 7 en Windows XP y Vista no impide la secuencia de comandos simulando la interacción del usuario con la característica de AutoCompletado, lo que permite a atacantes remotos obtener información sensible a través de un sitio web, también conocido como "Vulnerabilidad AutoComplete Information Disclosure". • http://support.avaya.com/css/P8/documents/100113324 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-071 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6889 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 6%CPEs: 40EXPL: 1CVE-2010-3325 – Microsoft Internet Explorer 7/8 - CSS Handling Cross Domain Information Disclosure
https://notcve.org/view.php?id=CVE-2010-3325
Microsoft Internet Explorer 6 through 8 does not properly handle unspecified special characters in Cascading Style Sheets (CSS) documents, which allows remote attackers to obtain sensitive information from a different (1) domain or (2) zone via a crafted web site, aka "CSS Special Character Information Disclosure Vulnerability." Microsoft Internet Explorer v6 hasta v8 no controla correctamente los caracteres especiales no especificados en las Hojas de Estilo en Cascada (CSS), lo que permite a atacantes remotos obtener información sensible de diferente (1) dominios o (2) zonas a través de sitios web manipualdos, conocido como "Vulnerabilidad de revelación de caracter especial de información." • https://www.exploit-db.com/exploits/34602 http://support.avaya.com/css/P8/documents/100113324 http://www.us-cert.gov/cas/techalerts/TA10-285A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-071 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7410 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 1%CPEs: 40EXPL: 0CVE-2010-3327
https://notcve.org/view.php?id=CVE-2010-3327
The implementation of HTML content creation in Microsoft Internet Explorer 6 through 8 does not remove the Anchor element during pasting and editing, which might allow remote attackers to obtain sensitive deleted information by visiting a web page, aka "Anchor Element Information Disclosure Vulnerability." La aplicación de creación de contenido HTML en Microsoft Internet Explorer v6 y v8, no quita el elemento de anclaje (Anchor) durante la edición y el pegado, lo cual podría permitir a atacantes remotos obtener información sensible eliminada al visitar una página web, también conocido como "vulnerabilidad de divulgación de información de elementos de anclaje." • http://support.avaya.com/css/P8/documents/100113324 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-071 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7417 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 94%CPEs: 39EXPL: 0CVE-2010-3331
https://notcve.org/view.php?id=CVE-2010-3331
Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory in certain circumstances involving use of Microsoft Word to read Word documents, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." Microsoft Internet Explorer 6 hasta 8 no maneja adecuadamente objetos en memoria en ciertas circunstancias involucrando el uso de Microsoft Word para leer documentos Word, permite a atacantes remotos ejecutar códido de su elección accediendo a un objeto que (1) no fue correctamente inicializado o (2) es borrado, provocando una corrupción de memoria, también conocido como "Vulnerabilidad de corrupción de memoria no inicializada". • http://support.avaya.com/css/P8/documents/100113324 http://www.us-cert.gov/cas/techalerts/TA10-285A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-071 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6832 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 91%CPEs: 26EXPL: 0CVE-2010-3328 – Microsoft Internet Explorer Stylesheet PrivateFind Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-3328
Use-after-free vulnerability in the CAttrArray::PrivateFind function in mshtml.dll in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code by setting an unspecified property of a stylesheet object, aka "Uninitialized Memory Corruption Vulnerability." Vulnerabilidad de Uso de la Memoria Previamente Liberada en la función CAttrArray::PrivateFind en la biblioteca mshtml.dll en Microsoft Internet Explorer versión 6 hasta la versión 8 permite a los atacantes remotos ejecutar código arbitrario mediante el establecimiento de una propiedad no especificada de un objeto StyleSheet, también se conoce como "Uninitialized Memory Corruption Vulnerability". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the function CAttrArray::PrivateFind as defined in mshtml.dll. If a specific property of a stylesheet object is set, the code within mshtml can be forced to free an object which is subsequently accessed later. • http://support.avaya.com/css/P8/documents/100113324 http://www.securityfocus.com/bid/43705 http://www.us-cert.gov/cas/techalerts/TA10-285A.html http://www.zerodayinitiative.com/advisories/ZDI-10-197 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-071 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7059 • CWE-416: Use After Free •