CVSS: 6.2EPSS: 0%CPEs: 5EXPL: 0CVE-2013-5046
https://notcve.org/view.php?id=CVE-2013-5046
Microsoft Internet Explorer 7 through 11 allows local users to bypass the Protected Mode protection mechanism, and consequently gain privileges, by leveraging the ability to execute sandboxed code, aka "Internet Explorer Elevation of Privilege Vulnerability." Microsoft Internet Explorer 7 hasta la versión 11 permite a usuarios locales evadir el mecanismo de protección de modo protegido, y consecuentemente obtener privilegios, mediante el aprovechamiento de la capacidad de ejecutar código en una sandbox, también conocido como "Vulnerabilidad de elevación de privilegios en Internet Explorer". • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-097 • CWE-20: Improper Input Validation •
CVSS: 3.5EPSS: 0%CPEs: 35EXPL: 0CVE-2013-6912
https://notcve.org/view.php?id=CVE-2013-6912
Cross-site scripting (XSS) vulnerability in a calendar component in Cybozu Garoon before 3.7.2, when Internet Explorer 6 through 9 is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de cross-site scripting (XSS) en un componente de calendario en Cybozu Garoon anteriores a 3.7.2, cuando Internet Explorer 6 a 9 son utilizados, permite a usuarios autenticados remotamente inyectar scripts web o HTML arbitrarios a través de vectores no especificados. • http://cs.cybozu.co.jp/information/20131202up01.php http://jvn.jp/en/jp/JVN23981867/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113 http://osvdb.org/100560 https://support.cybozu.com/ja-jp/article/6927 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 32EXPL: 0CVE-2013-6906
https://notcve.org/view.php?id=CVE-2013-6906
Cross-site scripting (XSS) vulnerability in a mail component in Cybozu Garoon before 3.7.0, when Internet Explorer 6 through 8 is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de cross-site scripting (XSS) en un componente de correo en Cybozu Garoon anteriores a 3.7.0, cuando Internet Explorer 6 a 8 es utilizado, permite a atacnates remotos inyectar scripts web o HTML arbitrarios a través de vectores no especificados. • http://cs.cybozu.co.jp/information/20131202up01.php http://jvn.jp/en/jp/JVN23981867/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113 http://osvdb.org/100574 https://support.cybozu.com/ja-jp/article/6174 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 88%CPEs: 4EXPL: 0CVE-2013-3910 – Microsoft Internet Explorer CSelectTracker Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-3910
Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." Microsoft Internet Explorer 6 a 9, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocido como "Vulnerabilidad de Corrupción de memoria en Internet Explorer" This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of CSelectTracker objects. By manipulating a document's elements an attacker can force a dangling pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. • http://www.us-cert.gov/ncas/alerts/TA13-317A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-088 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19109 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 88%CPEs: 4EXPL: 0CVE-2013-3912 – Microsoft Internet Explorer CTreePos Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-3912
Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3916. Microsoft Internet Explorer 8 a 11, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocido como "Vulnerabilidad de Corrupción de memoria en Internet Explorer", una vulnerabilidad diferente a CVE-2013 a 3916. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of CTreePos objects. By manipulating a document's elements an attacker can force a dangling pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. • http://www.us-cert.gov/ncas/alerts/TA13-317A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-088 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19182 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •