CVSS: 9.3EPSS: 92%CPEs: 22EXPL: 1CVE-2011-1255 – Microsoft Internet Explorer - Time Element Memory Corruption (MS11-050)
https://notcve.org/view.php?id=CVE-2011-1255
The Timed Interactive Multimedia Extensions (aka HTML+TIME) implementation in Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Time Element Memory Corruption Vulnerability." La implantación de extensiones multimedia interactivas temporizadas ("Timed Interactive Multimedia Extensions" o HTML+TIME) en Microsoft Internet Explorer 6 hasta la versión 8 no maneja apropiadamente los objetos en memoria, lo que permite a atacantes remotos ejecutar código arbitraio accediendo a un objeto que (1) no ha sido apropiadamente inicializado o (2) ha sido borrado. También conocido como "Vulnerabilidad de corrupción de memoria de elemento Time". • https://www.exploit-db.com/exploits/20547 http://blogs.technet.com/b/srd/archive/2011/06/14/ms11-050-ie9-is-better.aspx http://osvdb.org/72947 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-050 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12227 • CWE-908: Use of Uninitialized Resource •
CVSS: 4.3EPSS: 0%CPEs: 22EXPL: 0CVE-2011-1258
https://notcve.org/view.php?id=CVE-2011-1258
Microsoft Internet Explorer 6 through 8 does not properly restrict web script, which allows user-assisted remote attackers to obtain sensitive information from a different (1) domain or (2) zone via vectors involving a drag-and-drop operation, aka "Drag and Drop Information Disclosure Vulnerability." Microsoft Internet Explorer 6 hasta la 8, no restringe correctamente el script web, permitiendo a atacantes remotos asistidos por el usuario obtener información confidencial de otro (1) dominio o (2) zona a través de vectores que implican una operación de "arrastrar y soltar", también conocido como "Vulnerabilidad de revelación de información de arrastrar y soltar" • http://blogs.technet.com/b/msrc/archive/2011/06/09/june-advance-notification-service-and-10-immutable-laws-revisited.aspx https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-050 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12495 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 9.3EPSS: 30%CPEs: 22EXPL: 0CVE-2011-1254
https://notcve.org/view.php?id=CVE-2011-1254
Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Drag and Drop Memory Corruption Vulnerability." Microsoft Internet Explorer v6 a la v8 no manejan adecuadamente los objetos en memoria, lo que permite a atacantes remotos ejecutar código de su elección accediendo a un objeto que (1) no ha sido iniciado adecuadamente o (2) es borrado. • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-050 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12368 • CWE-908: Use of Uninitialized Resource •
CVSS: 9.3EPSS: 16%CPEs: 30EXPL: 0CVE-2011-1250
https://notcve.org/view.php?id=CVE-2011-1250
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Link Properties Handling Memory Corruption Vulnerability." Microsoft Internet Explorer 6 hasta la versión 9 no maneja apropiadamente los objetos en memoria, lo que permite a atacantes remotos ejecutar código arbitrario accediendo a un objeto que (1) no ha sido apropiadamente inicializado o (2) ha sido borrado. También conocido como "vulnerabilidad de corrupción de memoria en el manejo de propiedades Link". • http://www.nsfocus.com/en/advisories/1101.html http://www.securityfocus.com/archive/1/518445/100/0/threaded https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-050 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12708 • CWE-908: Use of Uninitialized Resource •
CVSS: 9.3EPSS: 88%CPEs: 26EXPL: 0CVE-2011-1262 – Microsoft Internet Explorer HTTP 302 Redirect Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-1262
Microsoft Internet Explorer 7 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "HTTP Redirect Memory Corruption Vulnerability." Microsoft Internet Explorer 7 hasta la versión 9 no maneja apropiadamente los objetos en memoria, lo que permite a atacantes remotos ejecutar código de su elección accediendo a un objeto que (1) no ha sido apropiadamente inicializado o (2) ha sido borrado, también conocido como "vulnerabilidad de corrupción de memoria HTTP". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Internet Explorer handles HTTP 302 redirects to CDL protocols. When Internet Explorer tries to determine who is responsible for handling the protocol redirect it fails to keep a correct reference counter to a Transaction object which results in a use-after-free vulnerability. • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-050 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12405 • CWE-908: Use of Uninitialized Resource •