CVSS: 9.3EPSS: 97%CPEs: 3EXPL: 1CVE-2013-3205 – Microsoft Internet Explorer CCaret Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-3205
Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." Microsoft Internet Explorer 6 a 8 permiten a atacantes remotos ejecutar código arbitrario o causar denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocido como "Vulnerabilidad de Corrupción de Memoria de Internet Explorer". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the usage of a CCaret object. The process can be made to delete an object resulting in a dangling pointer. • https://www.exploit-db.com/exploits/28481 http://www.us-cert.gov/ncas/alerts/TA13-253A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-069 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18696 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 88%CPEs: 2EXPL: 0CVE-2013-3845 – Microsoft Internet Explorer CTreePos Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-3845
Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." Microsoft Internet Explorer 8 y 9 permiten a un atacante remoto ejecutar código a discrección o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, tambien conocida como "Vulnerabilidad de Corrupción de Memoria en Internet Explorer". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the usage of a freed CTreePos object. The process can be forced to reuse a dangling pointer of the object resulting in a use-after-free condition. • http://www.us-cert.gov/ncas/alerts/TA13-253A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-069 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18719 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 88%CPEs: 3EXPL: 0CVE-2013-3208 – Microsoft Internet Explorer CAtomTable Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-3208
Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." Microsoft Internet Explorer 8 hasta 10 permiten a un atacante remoto ejecutar código a discrección o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, tambien conocida como "Vulnerabilidad de Corrupción de Memoria en Internet Explorer". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of CAtomTable objects. By manipulating a document's elements an attacker can force a dangling pointer to be reused after it has been freed. • http://www.us-cert.gov/ncas/alerts/TA13-253A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-069 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18114 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 91%CPEs: 5EXPL: 0CVE-2013-3192
https://notcve.org/view.php?id=CVE-2013-3192
Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to inject arbitrary web script or HTML via crafted character sequences with EUC-JP encoding, aka "EUC-JP Character Encoding Vulnerability." Vulnerabilidad Cross-site scripting (XSS) en Microsoft Internet Explorer 6 hasta 10 permite a atacantes remotos inyectar código web o html de su elección a través de una secuencia de caracteres manipulados con la codificación EUC-JP, también conocido como "EUC-JP Character Encoding Vulnerability". • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-059 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17980 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 80%CPEs: 2EXPL: 0CVE-2013-3188
https://notcve.org/view.php?id=CVE-2013-3188
Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3189. Microsoft Internet Explorer 8 y 9 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web malicioso, también conocido como " Internet Explorer Memory Corruption Vulnerabilityā€¯, una vulnerabilidad distinta de CVE-2013-3189. • http://www.us-cert.gov/ncas/alerts/TA13-225A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-059 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17942 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •