CVSS: 9.3EPSS: 92%CPEs: 32EXPL: 0CVE-2012-1879 – Microsoft Internet Explorer insertAdjacentText Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-1879
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access an undefined memory location, aka "insertAdjacentText Remote Code Execution Vulnerability." Microsoft Internet Explorer v6 hasta v9 no gestionan de forma correcta objetos en memoria, lo que permite a atacantes remotos ejecutar código intentado acceder a una posición de memoria no definida, también conocida como "OnRowsInserted Event Remote Code Execution Vulnerability." This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Internet Explorer handles repeated calls to insertAdjacentText. When the size of the element reaches a certain threshold Internet Explorer fails to correctly relocate key elements. • http://www.us-cert.gov/cas/techalerts/TA12-164A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-037 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15588 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.3EPSS: 2%CPEs: 26EXPL: 0CVE-2012-1873
https://notcve.org/view.php?id=CVE-2012-1873
Microsoft Internet Explorer 7 through 9 does not properly create and initialize string data, which allows remote attackers to obtain sensitive information from process memory via a crafted HTML document, aka "Null Byte Information Disclosure Vulnerability." Microsoft Internet Explorer v7 hasta v9 no crea ni inicializa las cadenas de datos de forma adecuada, lo que permite a atacantes remotos obtener información sensible de procesos de memoria a través de una documento HTML manipulado, también conocido como "Null Byte Information Disclosure Vulnerability." • http://www.us-cert.gov/cas/techalerts/TA12-164A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-037 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15026 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 32EXPL: 0CVE-2012-1882
https://notcve.org/view.php?id=CVE-2012-1882
Microsoft Internet Explorer 6 through 9 does not block cross-domain scrolling events, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Scrolling Events Information Disclosure Vulnerability." Microsoft Internet Explorer 6 hasta 9 no bloquea eventos de desplazamiento de dominios cruzados, los cuales permiten a atacantes remotos leer contenido desde (1) un dominio o (2) zona a través de un sitio web manipulado, conocido también como "vulnerabilidad de publicación de información de eventos de desplazamiento" • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-037 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15367 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 92%CPEs: 32EXPL: 0CVE-2012-1880 – Microsoft Internet Explorer insertRow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-1880
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "insertRow Remote Code Execution Vulnerability." Microsoft Internet Explorer 6 hasta 9 no maneja adecuadamente objetos en memoria, lo que permite a un atacante remoto ejecutar código de su elección mediante el acceso a un objeto borrado, también conocido como "vulnerabilidad de ejecución remota de código insertRow". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Internet Explorer handles consecutive calls to insertRow. When the number of rows reaches a certain threshold the program fails to correctly relocate certain key objects. • http://www.us-cert.gov/cas/techalerts/TA12-164A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-037 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14975 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 93%CPEs: 31EXPL: 0CVE-2012-1523
https://notcve.org/view.php?id=CVE-2012-1523
Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Center Element Remote Code Execution Vulnerability." Microsoft Internet Explorer v6 hasta v8 no gestionan de forma correcta objetos en memoria, lo que permite a atacantes remotos ejecutar código accediendo a un objeto eliminado, también conocida como "Center Element Remote Code Execution Vulnerability." • http://www.us-cert.gov/cas/techalerts/TA12-164A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-037 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15579 • CWE-94: Improper Control of Generation of Code ('Code Injection') •