CVSS: 7.6EPSS: 24%CPEs: 23EXPL: 0CVE-2011-1257
https://notcve.org/view.php?id=CVE-2011-1257
Race condition in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors involving access to an object, aka "Window Open Race Condition Vulnerability." Condición de carrera en Microsoft Internet Explorer de la v6 a la v8 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de vectores que involucran el acceso a un objeto, también conocido como "ventana abierta vulnerabilidad condición de carrera." • http://www.us-cert.gov/cas/techalerts/TA11-221A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-057 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12787 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 4.3EPSS: 0%CPEs: 200EXPL: 1CVE-2011-2379
https://notcve.org/view.php?id=CVE-2011-2379
Cross-site scripting (XSS) vulnerability in Bugzilla 2.4 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4.12, 3.5.x, 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3, when Internet Explorer before 9 or Safari before 5.0.6 is used for Raw Unified mode, allows remote attackers to inject arbitrary web script or HTML via a crafted patch, related to content sniffing. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Bugzilla 2.4 hasta la versión 2.22.7, 3.0.x hasta la 3.3.x, 3.4.x anteriores a 3.4.12, 3.5.x, 3.6.x anteriores a 3.6.6, 3.7.x, 4.0.x anteriores a 4.0.2 y 4.1.x anteriores a 4.1.3, si se utiliza Internet Explorer anterior a la versión 9 o Safari anterior a la 5.0.6 para el modo "Raw Unified", permite a atacantes remotos inyectar codigo de script web o código HTML de su elección a través de una solución ("patch") modificada. Relacionado con captura de contenido ("sniffing"). • http://secunia.com/advisories/45501 http://www.bugzilla.org/security/3.4.11 http://www.debian.org/security/2011/dsa-2322 http://www.osvdb.org/74297 http://www.securityfocus.com/bid/49042 https://bugzilla.mozilla.org/show_bug.cgi?id=637981 https://exchange.xforce.ibmcloud.com/vulnerabilities/69033 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 93%CPEs: 26EXPL: 0CVE-2011-1963 – Microsoft Internet Explorer XSLT SetViewSlave Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-1963
Microsoft Internet Explorer 7 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "XSLT Memory Corruption Vulnerability." Microsoft Internet Explorer 7 hasta 9 no maneja adecuadamente objetos en memoria, lo que permite a atacantes remotos ejecutar código de su elección accediendo a objetos que (1) no fueron inicializados correctamente o (2) es eliminado, también conocido como "vulnerabilidad XSLT Memory Corruption". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the part of the application that is responsible for reloading the markup for a root document object. During reloading of the markup, the application will dispatch a notification whilst retaining a reference to the object in the function's context. • http://www.us-cert.gov/cas/techalerts/TA11-221A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-057 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12753 • CWE-908: Use of Uninitialized Resource •
CVSS: 9.3EPSS: 93%CPEs: 30EXPL: 0CVE-2011-1964 – Microsoft Internet Explorer 9 STYLE Object Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-1964
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Style Object Memory Corruption Vulnerability." Microsoft Internet Explorer 6 hasta la versión 9 no maneja apropiadamente objetos en memoria, lo que permite a atacantes remotos ejecutar código arbitrario accediendo a un objeto que (1) no fue apropiadamente inicializado o (2) ha sido borrado. También conocida como "vulnerabilidad de corrupcción de memoria de objeto de estilo". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the part of the application that is responsible for handling STYLE elements. • http://www.us-cert.gov/cas/techalerts/TA11-221A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-057 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12617 • CWE-908: Use of Uninitialized Resource •
CVSS: 4.3EPSS: 0%CPEs: 22EXPL: 0CVE-2011-1258
https://notcve.org/view.php?id=CVE-2011-1258
Microsoft Internet Explorer 6 through 8 does not properly restrict web script, which allows user-assisted remote attackers to obtain sensitive information from a different (1) domain or (2) zone via vectors involving a drag-and-drop operation, aka "Drag and Drop Information Disclosure Vulnerability." Microsoft Internet Explorer 6 hasta la 8, no restringe correctamente el script web, permitiendo a atacantes remotos asistidos por el usuario obtener información confidencial de otro (1) dominio o (2) zona a través de vectores que implican una operación de "arrastrar y soltar", también conocido como "Vulnerabilidad de revelación de información de arrastrar y soltar" • http://blogs.technet.com/b/msrc/archive/2011/06/09/june-advance-notification-service-and-10-immutable-laws-revisited.aspx https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-050 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12495 • CWE-668: Exposure of Resource to Wrong Sphere •