CVSS: 10.0EPSS: 92%CPEs: 43EXPL: 0CVE-2010-1262 – Microsoft Internet Explorer Stylesheet Array Removal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1262
Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, related to the CStyleSheet object and a free of the root container, aka "Memory Corruption Vulnerability." Microsoft Internet Explorer versión 6 SP1 y SP2, versión 7 y 8, permiten a los atacantes remotos ejecutar código arbitrario al acceder a un objeto que (1) no se inicializó de manera apropiada (2) se elimina, lo que conlleva a la corrupción de la memoria, relacionada con el objeto CStyleSheet y un contenedor libre de tipo root, que se conoce como "Memory Corruption Vulnerability." This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required in that a target must visit a malicious page. The specific flaw exists within IE's support for the CStyleSheet object. When a style sheet array is created it contains a reference to it's root container. • http://support.avaya.com/css/P8/documents/100089747 http://www.securityfocus.com/archive/1/511727/100/0/threaded http://www.securityfocus.com/bid/40417 http://www.us-cert.gov/cas/techalerts/TA10-159B.html http://www.zerodayinitiative.com/advisories/ZDI-10-102 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-035 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7406 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2010-2119
https://notcve.org/view.php?id=CVE-2010-2119
Microsoft Internet Explorer 6.0.2900.2180 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid nntp:// URIs. Vulnerabilidad en Microsoft Internet Explorer v6.0.2900.2180 permite a atacantes remotos causar una denegación de servicio (agotamiento de recursos) a través de código JavaScript que contenga un bucle infinito que crea elementos IFRAME para URIs no válidas de tipo nntp:// • http://websecurity.com.ua/4238 http://www.securityfocus.com/archive/1/511509/100/0/threaded • CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 1CVE-2010-2118
https://notcve.org/view.php?id=CVE-2010-2118
Microsoft Internet Explorer 6.0.2900.2180 and 8.0.7600.16385 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid news:// URIs. Vulnerabilidad en Microsoft Internet Explorer v6.0.2900.2180 y v8.0.7600.16385 permite a atacantes remotos provocar una denegación de servicio (agotamiento de recursos) a través de código JavaScript que contenga un bucle infinito que crea elementos IFRAME a URIs de tipo news:// • http://websecurity.com.ua/4238 http://www.securityfocus.com/archive/1/511509/100/0/threaded • CWE-399: Resource Management Errors •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 1CVE-2010-1991
https://notcve.org/view.php?id=CVE-2010-1991
Microsoft Internet Explorer 6.0.2900.2180, 7, and 8.0.7600.16385 executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many IFRAME elements. Microsoft Internet Explorer v6.0.2900.2180, v7 y v8.0.7600.16385 ejecuta una aplicación mail en situaciones dónde un elemento IFRAME tiene un mailto: URL en su atributo SRC lo que permite a atacantes remotos provocar una denegación del servicio (lanzamiento de demasiadas aplicaciones) a través de un documento HTML con varios elementos IFRAME • http://websecurity.com.ua/4206 http://www.securityfocus.com/archive/1/511327/100/0/threaded • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 37%CPEs: 27EXPL: 0CVE-2010-0489
https://notcve.org/view.php?id=CVE-2010-0489
Race condition in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Race Condition Memory Corruption Vulnerability." Condición de carrera en Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1 y 7 permite a atacantes remotos ejecutar código de su elección mediante un documento HTML manipulado que dispara una corrupción de memoria, también conocido como "Race Condition Memory Corruption Vulnerability." • http://securitytracker.com/id?1023773 http://www.securityfocus.com/bid/39026 http://www.us-cert.gov/cas/techalerts/TA10-068A.html http://www.us-cert.gov/cas/techalerts/TA10-089A.html http://www.vupen.com/english/advisories/2010/0744 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7774 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •