CVSS: 8.8EPSS: 2%CPEs: 13EXPL: 0CVE-2017-0210 – Microsoft Internet Explorer Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2017-0210
An elevation of privilege vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain, aka "Internet Explorer Elevation of Privilege Vulnerability." Existe una vulnerabilidad de elevación de privilegios cuando Internet Explorer no aplica adecuadamente las directivas entre dominios, lo que podría permitir a un atacante acceder a información de un dominio e inyectarla en otro dominio, vulnerabilidad también conocido como "Internet Explorer Elevation of Privilege Vulnerability". A privilege escalation vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to access information. • http://www.securityfocus.com/bid/97512 http://www.securitytracker.com/id/1038238 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0210 •
CVSS: 7.6EPSS: 88%CPEs: 1EXPL: 1CVE-2017-0202 – Microsoft Internet Explorer 11.576.14393.0 - 'CStyleSheetArray::BuildListOfMatchedRules' Memory Corruption
https://notcve.org/view.php?id=CVE-2017-0202
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user, a.k.a. "Internet Explorer Memory Corruption Vulnerability." Existe una vulnerabilidad de ejecución remota de código cuando Internet Explorer accede inadecuadamente a objetos en la memoria. La vulnerabilidad podría dañar la memoria de tal manera que un atacante podría ejecutar código arbitrario en el contexto del usuario actual, vulnerabilidad también conocida como "Internet Explorer Memory Corruption Vulnerability". • https://www.exploit-db.com/exploits/41941 http://www.securityfocus.com/bid/97441 http://www.securitytracker.com/id/1038238 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0202 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.6EPSS: 24%CPEs: 2EXPL: 0CVE-2017-0201
https://notcve.org/view.php?id=CVE-2017-0201
A remote code execution vulnerability exists in Internet Explorer in the way that the JScript and VBScript engines render when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0093. Existe una vulnerabilidad de ejecución remota de código en Internet Explorer en la forma en que procesan los motores JScript y VBScript al manipular objetos en la memoria. La vulnerabilidad podría dañar la memoria de tal manera que un atacante podría ejecutar código arbitrario en el contexto del usuario actual, vulnerabilidad también conocida como "Scripting Engine Memory Corruption Vulnerability". • http://www.securityfocus.com/bid/97454 http://www.securitytracker.com/id/1038238 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0201 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.6EPSS: 25%CPEs: 2EXPL: 0CVE-2017-0018 – Microsoft Internet Explorer CHtmTag Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-0018
Microsoft Internet Explorer 10 and 11 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0037 and CVE-2017-0149. Microsoft Internet Explorer 10 y 11 permiten a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocido como "Internet Explorer Memory Corruption Vulnerability". Esta vulnerabilidad es distinta de aquellas descritas en CVE-2017-0037 y CVE-2017-0149. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Internet Explorer. • http://www.securityfocus.com/bid/96086 http://www.securitytracker.com/id/1038008 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0018 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 50%CPEs: 16EXPL: 0CVE-2017-0149 – Microsoft Internet Explorer Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2017-0149
Microsoft Internet Explorer 9 through 11 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0018 and CVE-2017-0037. Microsoft Internet Explorer 9 hasta la versión 11 permiten a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, vulnerabilidad también conocida como "Internet Explorer Memory Corruption Vulnerability". Esta vulnerabilidad es diferente a la descrita en CVE-2017-0018 y CVE-2017-0037. Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause a denial-of-service (DoS) via a crafted website. • http://www.securityfocus.com/bid/96724 http://www.securitytracker.com/id/1038008 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0149 • CWE-787: Out-of-bounds Write •