Page 51 of 715 results (0.008 seconds)

CVSS: 4.3EPSS: 7%CPEs: 27EXPL: 0

CVE-2010-0488

https://notcve.org/view.php?id=CVE-2010-0488

Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 does not properly handle unspecified "encoding strings," which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site, aka "Post Encoding Information Disclosure Vulnerability." Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1 y 7 no maneja adecuadamente "cadenas de codificación" (encoding strings) no especificadas, lo que permite a atacantes remotos eludir la Política del Mismo Origen (Same Origin Policy) y obtener información sensible mediante un sitio web manipulado, también conocido como "Post Encoding Information Disclosure Vulnerability." • http://jvn.jp/en/jp/JVN49467403/index.html http://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000011.html http://securitytracker.com/id?1023773 http://www.securityfocus.com/bid/39028 http://www.us-cert.gov/cas/techalerts/TA10-068A.html http://www.us-cert.gov/cas/techalerts/TA10-089A.html http://www.vupen.com/english/advisories/2010/0744 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018 https://oval.cisecurity.org/repository/search/definition&#x • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.3EPSS: 80%CPEs: 26EXPL: 0

CVE-2010-0267

https://notcve.org/view.php?id=CVE-2010-0267

Microsoft Internet Explorer 6, 6 SP1, and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." Microsoft Internet Explorer 6, 6 SP1 y 7 no maneja adecuadamente objetos en memoria, lo que permite a atacantes remotos ejecutar código de su elección mediante el acceso a un objeto que (1) no fue iniciado de manera apropiada o (2) es borrado, lo que lleva a una corrupción de memoria, también conocido como "Uninitialized Memory Corruption Vulnerability." • http://securitytracker.com/id?1023773 http://www.securityfocus.com/bid/39023 http://www.us-cert.gov/cas/techalerts/TA10-068A.html http://www.us-cert.gov/cas/techalerts/TA10-089A.html http://www.vupen.com/english/advisories/2010/0744 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8554 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.3EPSS: 80%CPEs: 43EXPL: 0

CVE-2010-0490

https://notcve.org/view.php?id=CVE-2010-0490

Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." Microsoft Internet Explorer 6, 6 SP1, 7 y 8 no maneja adecuadamente objetos en memoria, lo que permite a atacantes remotos ejecutar código de su elección mediante el acceso a un objeto que (1) no fue iniciado de manera apropiada o (2) es borrado, lo que lleva a una corrupción de memoria, también conocido como "Uninitialized Memory Corruption Vulnerability." • http://securitytracker.com/id?1023773 http://www.securityfocus.com/bid/39031 http://www.us-cert.gov/cas/techalerts/TA10-068A.html http://www.us-cert.gov/cas/techalerts/TA10-089A.html http://www.vupen.com/english/advisories/2010/0744 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8302 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.3EPSS: 37%CPEs: 27EXPL: 0

CVE-2010-0489

https://notcve.org/view.php?id=CVE-2010-0489

Race condition in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Race Condition Memory Corruption Vulnerability." Condición de carrera en Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1 y 7 permite a atacantes remotos ejecutar código de su elección mediante un documento HTML manipulado que dispara una corrupción de memoria, también conocido como "Race Condition Memory Corruption Vulnerability." • http://securitytracker.com/id?1023773 http://www.securityfocus.com/bid/39026 http://www.us-cert.gov/cas/techalerts/TA10-068A.html http://www.us-cert.gov/cas/techalerts/TA10-089A.html http://www.vupen.com/english/advisories/2010/0744 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7774 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 10.0EPSS: 97%CPEs: 6EXPL: 2

CVE-2010-0805 – Microsoft Internet Explorer Tabular Data Control ActiveX Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2010-0805

The Tabular Data Control (TDC) ActiveX control in Microsoft Internet Explorer 5.01 SP4, 6 on Windows XP SP2 and SP3, and 6 SP1 allows remote attackers to execute arbitrary code via a long URL (DataURL parameter) that triggers memory corruption in the CTDCCtl::SecurityCHeckDataURL function, aka "Memory Corruption Vulnerability." El control ActiveX de Tabular Data Control (TDC) en Internet Explorer de Microsoft versiones 5.01 SP4, 6 sobre Windows XP SP2 y SP3, y versión 6 SP1, permite a los atacantes remotos ejecutar código arbitrario por medio de una URL larga (parámetro DataURL) que desencadena corrupción de memoria en la función CTDCCtl::SecurityCHeckDataURL, también se conoce como "Memory Corruption Vulnerability". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer 6. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the Tabular Data Control ActiveX module. Specifically, if provided a malicious DataURL parameter a stack corruption may occur in the function CTDCCtl::SecurityCHeckDataURL. • https://www.exploit-db.com/exploits/12032 https://www.exploit-db.com/exploits/16567 http://securitytracker.com/id?1023773 http://www.securityfocus.com/archive/1/510507/100/0/threaded http://www.securityfocus.com/bid/39025 http://www.us-cert.gov/cas/techalerts/TA10-068A.html http://www.us-cert.gov/cas/techalerts/TA10-089A.html http://www.vupen.com/english/advisories/2010/0744 http://www.zerodayinitiative.com/advisories/ZDI-10-034 https://docs.microsoft.com/en-us/ • CWE-94: Improper Control of Generation of Code ('Code Injection') •