Page 48 of 393 results (0.012 seconds)

CVSS: 9.3EPSS: 18%CPEs: 22EXPL: 0

Race condition in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to an object in memory, aka "Race Condition Memory Corruption Vulnerability." Condición de carrera en Microsoft Internet Explorer 6,7 y 8 permite a atacantes ejecutar código arbitrario o producir una denegación de servicio (corrupción de memoria) mediante vectores relacionados con un objeto en memoria. • http://www.us-cert.gov/cas/techalerts/TA10-222A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-053 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11853 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 4.3EPSS: 21%CPEs: 40EXPL: 0

Microsoft Internet Explorer 6, 7, and 8 does not properly determine the origin of script code, which allows remote attackers to execute script in an unintended domain or security zone, and obtain sensitive information, via unspecified vectors, aka "Event Handler Cross-Domain Vulnerability." Microsoft Internet Explorer 6, 7 y 8, no determinan apropiadamente el origen de código script, lo que permite a atacantes remotos ejecutar código en un dominio o zona de seguridad no deseados y obtener información sensible a través de vectores no especificados, también conocido cómo "Event Handler Cross-Domain Vulnerability." • http://www.us-cert.gov/cas/techalerts/TA10-222A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-053 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11954 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.3EPSS: 91%CPEs: 43EXPL: 0

Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." Microsoft Internet Explorer v6 SP 1 y SP 2, v7 y v8 permite a atacantes remotos ejecutar código a su elección mediante el acceso a un objeto que (1) no se ha iniciado correctamente o (2) se ha eliminado, lo que lleva a la corrupción de memoria, también conocido como "Vulnerabilidad de Corrupción de Memoria No Inicializada". • http://osvdb.org/65215 http://support.avaya.com/css/P8/documents/100089747 http://www.us-cert.gov/cas/techalerts/TA10-159B.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-035 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7324 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 10.0EPSS: 90%CPEs: 43EXPL: 0

Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, related to the CStyleSheet object and a free of the root container, aka "Memory Corruption Vulnerability." Microsoft Internet Explorer versión 6 SP1 y SP2, versión 7 y 8, permiten a los atacantes remotos ejecutar código arbitrario al acceder a un objeto que (1) no se inicializó de manera apropiada (2) se elimina, lo que conlleva a la corrupción de la memoria, relacionada con el objeto CStyleSheet y un contenedor libre de tipo root, que se conoce como "Memory Corruption Vulnerability." This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required in that a target must visit a malicious page. The specific flaw exists within IE's support for the CStyleSheet object. When a style sheet array is created it contains a reference to it's root container. • http://support.avaya.com/css/P8/documents/100089747 http://www.securityfocus.com/archive/1/511727/100/0/threaded http://www.securityfocus.com/bid/40417 http://www.us-cert.gov/cas/techalerts/TA10-159B.html http://www.zerodayinitiative.com/advisories/ZDI-10-102 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-035 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7406 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.3EPSS: 68%CPEs: 26EXPL: 0

Microsoft Internet Explorer 6, 6 SP1, and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." Microsoft Internet Explorer 6, 6 SP1 y 7 no maneja adecuadamente objetos en memoria, lo que permite a atacantes remotos ejecutar código de su elección mediante el acceso a un objeto que (1) no fue iniciado de manera apropiada o (2) es borrado, lo que lleva a una corrupción de memoria, también conocido como "Uninitialized Memory Corruption Vulnerability." • http://securitytracker.com/id?1023773 http://www.securityfocus.com/bid/39023 http://www.us-cert.gov/cas/techalerts/TA10-068A.html http://www.us-cert.gov/cas/techalerts/TA10-089A.html http://www.vupen.com/english/advisories/2010/0744 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8554 • CWE-94: Improper Control of Generation of Code ('Code Injection') •