
CVSS: 7.2 • EPSS: 0% • CPEs: 4 • EXPL: 0

The Microsoft Antimalware Client in Windows Defender on Windows 8 and Windows RT uses an incorrect pathname for MsMpEng.exe, which allows local users to gain privileges via a crafted application, aka "Microsoft Antimalware Improper Pathname Vulnerability."
• http://www.us-cert.gov/ncas/alerts/TA13-100A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-034 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16293
• CWE-20: Improper Input Validation

CVSS: 6.9 • EPSS: 0% • CPEs: 14 • EXPL: 0

Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Race Condition Vulnerability."
• http://www.us-cert.gov/ncas/alerts/TA13-100A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-036 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16575
• CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVSS: 5.8 • EPSS: 0% • CPEs: 9 • EXPL: 0

Microsoft Windows Modern Mail allows remote attackers to spoof link targets via a crafted HTML e-mail message.
• http://support.microsoft.com/kb/2832006 http://technet.microsoft.com/security/advisory/2819682

CVSS: 9.3 • EPSS: 93% • CPEs: 40 • EXPL: 0

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer saveHistory Use After Free Vulnerability." This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific issue is due to the way Internet Explorer handles elements associated with the saveHistory behavior and an onload event handler. The process can be made to re-use a freed object.
• http://www.us-cert.gov/ncas/alerts/TA13-071A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-021 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16386
• CWE-399: Resource Management Errors

CVSS: 9.3 • EPSS: 93% • CPEs: 40 • EXPL: 0

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CMarkupBehaviorContext Use After Free Vulnerability." This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the handling of CMarkupBehaviorContext objects. By manipulating a document's elements, an attacker can force a dangling pointer to be reused after it has been freed.
• http://www.us-cert.gov/ncas/alerts/TA13-071A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-021 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16587
• CWE-399: Resource Management Errors