CVSS: 9.3EPSS: 82%CPEs: 1EXPL: 0CVE-2014-0278 – Microsoft Internet Explorer CSS Out-Of-Bounds Indexing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-0278
Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0277 and CVE-2014-0279. Microsoft Internet Explorer 8 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocido como "Internet Explorer Memory Corruption Vulnerability," una vulnerabilidad diferente a CVE-2014-0277 y CVE-2014-0279. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of CSS properties objects. The issue lies in the ability to index outside the bounds of an array. • http://osvdb.org/103177 http://secunia.com/advisories/56796 http://www.securityfocus.com/bid/65377 http://www.securitytracker.com/id/1029741 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-010 https://exchange.xforce.ibmcloud.com/vulnerabilities/90768 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 1%CPEs: 4EXPL: 0CVE-2014-0268
https://notcve.org/view.php?id=CVE-2014-0268
Microsoft Internet Explorer 8 through 11 does not properly restrict file installation and registry-key creation, which allows remote attackers to bypass the Mandatory Integrity Control protection mechanism via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability." Microsoft Internet Explorer 8 hasta 11 no restringe adecuadamente la instalación de archivos y la creación de clave del registro, lo que permite a atacantes remotos evadir el mecanismo de protección Mandatory Integrity Control a través de un sitio web manipulado, también conocido como "Internet Explorer Elevation of Privilege Vulnerability." • http://osvdb.org/103165 http://secunia.com/advisories/56796 http://www.securityfocus.com/bid/65392 http://www.securitytracker.com/id/1029741 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-010 https://exchange.xforce.ibmcloud.com/vulnerabilities/90756 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 79%CPEs: 6EXPL: 0CVE-2013-5047 – Microsoft Internet Explorer CMarkup::Insert Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-5047
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-5048. Microsoft Internet Explorer 6 hasta la versión 11 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocido como "Vulnerabilidad de corrupción de memoria en Internet Explorer", una vulnerabilidad diferente a CVE-2013-5048. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of CMarkup objects. By manipulating a document's elements an attacker can force a dangling pointer to be reused after it has been freed. • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-097 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 79%CPEs: 6EXPL: 0CVE-2013-5048 – Microsoft Internet Explorer Unitialized Variable Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-5048
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-5047. Microsoft Internet Explorer 6 hasta la versión 11 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocido como "Vulnerabilidad de corrupción de memoria en Internet Explorer", una vulnerabilidad diferente a CVE-2013-5047. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of HTML tables and rows. An uninitialized variable in one of the functions can cause memory corruption. • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-097 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 79%CPEs: 4EXPL: 0CVE-2013-5049 – Microsoft Internet Explorer CObjectElement Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-5049
Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." Microsoft Internet Explorer 6 hasta la versión 9 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocida como "Vulnerabilidad de corrupción de memoria en Internet Explorer". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the usage of a CObjectElement. By manipulating a document's elements an attacker can force a dangling pointer to be reused after it has been freed. • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-097 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •