CVSS: 4.3EPSS: 72%CPEs: 39EXPL: 0CVE-2010-3330
https://notcve.org/view.php?id=CVE-2010-3330
Microsoft Internet Explorer 6 through 8 does not properly restrict script access to content from a different (1) domain or (2) zone, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Cross-Domain Information Disclosure Vulnerability." Microsoft Internet Explorer v6 hasta v8 no restringe adecuadamante el acceso de secuencia de comandos para el contenido de (1)un dominio o (2) zona diferente, lo que permite a atacantes remoto obtener información sensible a través de un sitio web manipulado, conocido como "Vulnerabilidad de revelación de información de dominio cruzado." • http://support.avaya.com/css/P8/documents/100113324 http://www.us-cert.gov/cas/techalerts/TA10-285A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-071 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6928 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 1%CPEs: 40EXPL: 0CVE-2010-3327
https://notcve.org/view.php?id=CVE-2010-3327
The implementation of HTML content creation in Microsoft Internet Explorer 6 through 8 does not remove the Anchor element during pasting and editing, which might allow remote attackers to obtain sensitive deleted information by visiting a web page, aka "Anchor Element Information Disclosure Vulnerability." La aplicación de creación de contenido HTML en Microsoft Internet Explorer v6 y v8, no quita el elemento de anclaje (Anchor) durante la edición y el pegado, lo cual podría permitir a atacantes remotos obtener información sensible eliminada al visitar una página web, también conocido como "vulnerabilidad de divulgación de información de elementos de anclaje." • http://support.avaya.com/css/P8/documents/100113324 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-071 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7417 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 96%CPEs: 33EXPL: 1CVE-2010-3329 – Microsoft Office - 'HtmlDlgHelper' Class Memory Corruption (MS10-071)
https://notcve.org/view.php?id=CVE-2010-3329
mshtmled.dll in Microsoft Internet Explorer 7 and 8 allows remote attackers to execute arbitrary code via a crafted Microsoft Office document that causes the HtmlDlgHelper class destructor to access uninitialized memory, aka "Uninitialized Memory Corruption Vulnerability." La biblioteca Mshtmled.dll en Microsoft Internet Explorer versiones 7 y 8 permite a los atacantes remotos ejecutar código arbitrario por medio de un documento de Microsoft Office creado que hace que el destructor de la clase HtmlDlgHelper tenga acceso a la memoria no inicializada, también se conoce como "Uninitialized Memory Corruption Vulnerability". • https://www.exploit-db.com/exploits/15262 http://support.avaya.com/css/P8/documents/100113324 http://www.securityfocus.com/bid/43706 http://www.us-cert.gov/cas/techalerts/TA10-285A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-071 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7482 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 94%CPEs: 39EXPL: 0CVE-2010-3331
https://notcve.org/view.php?id=CVE-2010-3331
Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory in certain circumstances involving use of Microsoft Word to read Word documents, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." Microsoft Internet Explorer 6 hasta 8 no maneja adecuadamente objetos en memoria en ciertas circunstancias involucrando el uso de Microsoft Word para leer documentos Word, permite a atacantes remotos ejecutar códido de su elección accediendo a un objeto que (1) no fue correctamente inicializado o (2) es borrado, provocando una corrupción de memoria, también conocido como "Vulnerabilidad de corrupción de memoria no inicializada". • http://support.avaya.com/css/P8/documents/100113324 http://www.us-cert.gov/cas/techalerts/TA10-285A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-071 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6832 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 91%CPEs: 26EXPL: 0CVE-2010-3328 – Microsoft Internet Explorer Stylesheet PrivateFind Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-3328
Use-after-free vulnerability in the CAttrArray::PrivateFind function in mshtml.dll in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code by setting an unspecified property of a stylesheet object, aka "Uninitialized Memory Corruption Vulnerability." Vulnerabilidad de Uso de la Memoria Previamente Liberada en la función CAttrArray::PrivateFind en la biblioteca mshtml.dll en Microsoft Internet Explorer versión 6 hasta la versión 8 permite a los atacantes remotos ejecutar código arbitrario mediante el establecimiento de una propiedad no especificada de un objeto StyleSheet, también se conoce como "Uninitialized Memory Corruption Vulnerability". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the function CAttrArray::PrivateFind as defined in mshtml.dll. If a specific property of a stylesheet object is set, the code within mshtml can be forced to free an object which is subsequently accessed later. • http://support.avaya.com/css/P8/documents/100113324 http://www.securityfocus.com/bid/43705 http://www.us-cert.gov/cas/techalerts/TA10-285A.html http://www.zerodayinitiative.com/advisories/ZDI-10-197 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-071 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7059 • CWE-416: Use After Free •