CVSS: 9.3EPSS: 51%CPEs: 35EXPL: 0CVE-2013-0029 – Microsoft Internet Explorer CHTML Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-0029
13 Feb 2013 — Use-after-free vulnerability in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CHTML Use After Free Vulnerability." Vulnerabilidad de uso después de liberación en Microsoft Internet Explorer 6 a 9 permite a atacantes remotos ejecutar código arbitrario a través de un sitio web diseñado que desencadena el acceso a un objeto eliminado, también conocido como "Internet Explorer CHTML... • http://www.us-cert.gov/cas/techalerts/TA13-043B.html • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 31%CPEs: 9EXPL: 0CVE-2013-0022
https://notcve.org/view.php?id=CVE-2013-0022
13 Feb 2013 — Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer LsGetTrailInfo Use After Free Vulnerability." Vulnerabilidad de uso después de liberación en Microsoft Internet Explorer 9 permite a atacantes remotos ejecutar código arbitrario a través de un sitio web diseñado que desencadena el acceso a un objeto eliminado, también conocido como "Internet Explorer uso despué... • http://www.us-cert.gov/cas/techalerts/TA13-043B.html • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVSS: 9.3EPSS: 55%CPEs: 14EXPL: 0CVE-2013-0023 – Microsoft Internet Explorer CDispNode Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-0023
13 Feb 2013 — Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CDispNode Use After Free Vulnerability." Vulnerabilidad de uso después de liberación en Microsoft Internet Explorer 9 y 10 que permite a atacantes remotos ejecutar código arbitrario a través de un sitio web modificado que desencadena el acceso a un objeto eliminado, también conocido como "Internet Explor... • http://www.us-cert.gov/cas/techalerts/TA13-043B.html • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 29%CPEs: 40EXPL: 0CVE-2013-0030
https://notcve.org/view.php?id=CVE-2013-0030
13 Feb 2013 — The Vector Markup Language (VML) implementation in Microsoft Internet Explorer 6 through 10 does not properly allocate buffers, which allows remote attackers to execute arbitrary code via a crafted web site, aka "VML Memory Corruption Vulnerability." La implementación de Vector Markup Language (VML) en Microsoft Internet Explorer 6 a 10 no se asignan correctamente buffers, lo que permite a atacantes remotos ejecutar código arbitrario a través de un sitio web hecho a mano, también conocido como "Vulnerabilid... • http://www.us-cert.gov/cas/techalerts/TA13-043B.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.3EPSS: 16%CPEs: 2EXPL: 3CVE-2013-1450
https://notcve.org/view.php?id=CVE-2013-1450
29 Jan 2013 — Microsoft Internet Explorer 8 and 9, when the Proxy Settings configuration has the same Proxy address and Port values in the HTTP and Secure rows, does not properly reuse TCP sessions to the proxy server, which allows remote attackers to obtain sensitive information intended for a specific host via a crafted HTML document that triggers many HTTPS requests and then triggers an HTTP request to that host, as demonstrated by reading a Cookie header, aka MSRC 12096gd. Microsoft Internet Explorer 8 y 9, cuando la... • http://pastebin.com/raw.php?i=rz9BcBey • CWE-16: Configuration •
CVSS: 6.5EPSS: 12%CPEs: 2EXPL: 4CVE-2013-1451 – Microsoft Internet Explorer 8/9 - Steal Any Cookie
https://notcve.org/view.php?id=CVE-2013-1451
29 Jan 2013 — Microsoft Internet Explorer 8 and 9, when the Proxy Settings configuration has the same Proxy address and Port values in the HTTP and Secure rows, does not ensure that the SSL lock icon is consistent with the Address bar, which makes it easier for remote attackers to spoof web sites via a crafted HTML document that triggers many HTTPS requests to an arbitrary host, followed by an HTTPS request to a trusted host and then an HTTP request to an untrusted host, a related issue to CVE-2013-1450. Microsoft Intern... • https://www.exploit-db.com/exploits/24432 • CWE-16: Configuration •
CVSS: 7.5EPSS: 6%CPEs: 6EXPL: 0CVE-2012-6502
https://notcve.org/view.php?id=CVE-2012-6502
22 Jan 2013 — Microsoft Internet Explorer before 10 allows remote attackers to obtain sensitive information about the existence of files, and read certain data from files, via a UNC share pathname in the SRC attribute of a SCRIPT element, as demonstrated by reading a name-value pair from a local file via a \\127.0.0.1\C$\ sequence. Microsoft Internet Explorer antes de v10, permite a atacantes remotos obtener información sensible acerca de la existencia de archivos, y leer algunos datos de los archivos, a través de una ru... • http://www.nsfocus.com/en/2012/advisories_1228/119.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 49%CPEs: 5EXPL: 0CVE-2012-4781
https://notcve.org/view.php?id=CVE-2012-4781
12 Dec 2012 — Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "InjectHTMLStream Use After Free Vulnerability." Vulnerabilidad de uso después de liberación en Microsoft Internet Explorer 6 hasta 10, permite a atacantes remotos ejecutar código arbitrario a través de un sitio web manipulado que desencadena el acceso a un objeto eliminado, también conocido como "InjectHTMLStream Use ... • http://www.us-cert.gov/cas/techalerts/TA12-346A.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 47%CPEs: 14EXPL: 0CVE-2012-4782
https://notcve.org/view.php?id=CVE-2012-4782
12 Dec 2012 — Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "CMarkup Use After Free Vulnerability." Vulnerabilidad de uso después de liberación en Microsoft Internet Explorer 9 y 10, permite a atacantes remotos ejecutar código arbitrario a través de un sitio web manipulado que desencadena el acceso a un objeto eliminado, también conocido como "CMarkup Use After Free Vulnerability". • http://www.us-cert.gov/cas/techalerts/TA12-346A.html • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 36%CPEs: 14EXPL: 1CVE-2012-4787 – Flash JIT Internet Explorer 9 Exploit
https://notcve.org/view.php?id=CVE-2012-4787
12 Dec 2012 — Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly initialized or (2) is deleted, aka "Improper Ref Counting Use After Free Vulnerability." Vulnerabilidad de uso después de liberación en Microsoft Internet Explorer 9 y 10, permite a atacantes remotos ejecutar código arbitrario a través de un sitio web manipulado que desencadena el acceso a un objeto que (1) n... • https://packetstorm.news/files/id/122485 • CWE-399: Resource Management Errors CWE-416: Use After Free •