CVSS: 9.3EPSS: 89%CPEs: 2EXPL: 0CVE-2013-3141 – Microsoft Internet Explorer CTreeNode Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-3141
Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3110. Microsoft Internet Explorer 8 y 9 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web malicioso, también conocido como "Vulnerabilidad de corrupción de memoria en Internet Explorer", una vulnerabilidad diferente a CVE-2013-3110. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of CTreeNode objects. Specifically crafted DOM manipulations can be used to cause a use-after-free condition on the CTreeNode object. • http://www.us-cert.gov/ncas/alerts/TA13-168A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-047 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15981 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 89%CPEs: 5EXPL: 0CVE-2013-3142 – Microsoft Internet Explorer CEventObj Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-3142
Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3112, CVE-2013-3113, CVE-2013-3121, and CVE-2013-3139. Microsoft Internet Explorer 6 hasta 10, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web malicioso, también conocido como "Vulnerabilidad de corrupción de memoria en Internet Explorer", una vulnerabilidad diferente a CVE-2013-3112, CVE-2013-3113, CVE-2013-3121, y CVE-2013-3139. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of CEventObj objects. By manipulating a document's elements an attacker can force a dangling pointer to be reused after it has been freed. • http://www.us-cert.gov/ncas/alerts/TA13-168A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-047 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16704 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 84%CPEs: 2EXPL: 0CVE-2013-1307
https://notcve.org/view.php?id=CVE-2013-1307
Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-0811. Vulnerabilidad de tipo "usar después de liberar" en Microsoft Internet Explorer v8 hasta v9 permite a atacantes remotos ejecutar código de su elección mediante un sitio web malintencionado que genera el acceso a un objeto eliminado, también conocido como "Vulnerabilidad de usar después de liberar en Internet Explorer", una vulnerabilidad diferente a CVE-2013-0811. • http://www.us-cert.gov/ncas/alerts/TA13-134A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-037 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16650 • CWE-416: Use After Free •
CVSS: 9.3EPSS: 84%CPEs: 2EXPL: 0CVE-2013-0811
https://notcve.org/view.php?id=CVE-2013-0811
Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1307. Vulnerabilidad de tipo "usar después de liberar" en Microsoft Internet Explorer v8 hasta v9 permite a atacantes remotos ejecutar código de su elección mediante un sitio web malintencionado que genera el acceso a un objeto eliminado, también conocido como "Vulnerabilidad de usar después de liberar en Internet Explorer", una vulnerabilidad diferente a CVE-2013-1307. • http://www.us-cert.gov/ncas/alerts/TA13-134A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-037 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15979 • CWE-416: Use After Free •
CVSS: 9.3EPSS: 84%CPEs: 5EXPL: 0CVE-2013-1308 – Microsoft Internet Explorer TransNavContext Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-1308
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1309 and CVE-2013-2551. Vulnerabilidad de tipo "usar después de liberar" en Microsoft Internet Explorer v6 hasta v10 permite a atacantes remotos ejecutar código de su elección mediante un sitio web malintencionado que genera el acceso a un objeto eliminado, también conocido como "Vulnerabilidad de usar después de liberar en Internet Explorer", una vulnerabilidad diferente a CVE-2013-1309 y CVE-2013-2551. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of TransNavContext objects. The issue lies in focusing on an element, reloading the page, then manipulating the DOM while focus still resides with the element. • http://www.us-cert.gov/ncas/alerts/TA13-134A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-037 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16415 • CWE-416: Use After Free •