CVSS: 9.3EPSS: 93%CPEs: 36EXPL: 1CVE-2013-0019 – Microsoft Internet Explorer COmWindowProxy Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-0019
Use-after-free vulnerability in Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer COmWindowProxy Use After Free Vulnerability." Vulnerabilidad de uso después de liberación en Microsoft Internet Explorer 7 hasta 10 que permite a atacantes remotos ejecutar código arbitrario a través de un sitio web modificado que desencadena el acceso a un objeto eliminado, también conocido como "Internet Explorer COmWindowProxy Use After Free Vulnerability." This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of iframes. By manipulating an iframe using window.open an attacker can force a dangling pointer to be reused after it has been freed. • https://www.exploit-db.com/exploits/40879 http://blog.skylined.nl/20161202001.html http://www.us-cert.gov/cas/techalerts/TA13-043B.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-009 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16465 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 84%CPEs: 9EXPL: 0CVE-2013-0020 – Microsoft Internet Explorer CMarkup Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-0020
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CMarkup Use After Free Vulnerability." Vulnerabilidad de uso después de liberación en Microsoft Internet Explorer 9 permite a atacantes remotos ejecutar código arbitrario a través de un sitio web diseñado que desencadena el acceso a un objeto eliminado, también conocido como "Internet Explorer uso después de liberación en CMarkup". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of CMarkup and CDATA objects. The issue lies in the usage of document.adoptNode on a CDATA object. • http://www.us-cert.gov/cas/techalerts/TA13-043B.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-009 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15875 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 80%CPEs: 9EXPL: 0CVE-2013-0022
https://notcve.org/view.php?id=CVE-2013-0022
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer LsGetTrailInfo Use After Free Vulnerability." Vulnerabilidad de uso después de liberación en Microsoft Internet Explorer 9 permite a atacantes remotos ejecutar código arbitrario a través de un sitio web diseñado que desencadena el acceso a un objeto eliminado, también conocido como "Internet Explorer uso después de liberación en LsGetTrailInfo". • http://www.us-cert.gov/cas/techalerts/TA13-043B.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-009 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16069 • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVSS: 9.3EPSS: 84%CPEs: 14EXPL: 0CVE-2013-0023 – Microsoft Internet Explorer CDispNode Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-0023
Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CDispNode Use After Free Vulnerability." Vulnerabilidad de uso después de liberación en Microsoft Internet Explorer 9 y 10 que permite a atacantes remotos ejecutar código arbitrario a través de un sitio web modificado que desencadena el acceso a un objeto eliminado, también conocido como "Internet Explorer CDispNode Use After Free Vulnerability." This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific issue is due to the way Internet Explorer handles SVG objects. A use-after-free condition can be created when an SVG references a self-referent SVG. • http://www.us-cert.gov/cas/techalerts/TA13-043B.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-009 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16470 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 84%CPEs: 22EXPL: 0CVE-2013-0024 – Microsoft Internet Explorer pasteHTML Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-0024
Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer pasteHTML Use After Free Vulnerability." Vulnerabilidad de uso después de liberación en Microsoft Internet Explorer 8 y 9 que permite a atacantes remotos ejecutar código arbitrario a través de un sitio web modificado que desencadena el acceso a un objeto eliminado, también conocido como "Internet Explorer pasteHTML Use After Free Vulnerability." This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of TextRange objects. The issue lies in the usage of Range.moveToElementText and Range.collapse. • http://www.us-cert.gov/cas/techalerts/TA13-043B.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-009 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16126 • CWE-399: Resource Management Errors •