CVSS: 10.0EPSS: 90%CPEs: 43EXPL: 0CVE-2010-1262 – Microsoft Internet Explorer Stylesheet Array Removal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1262
Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, related to the CStyleSheet object and a free of the root container, aka "Memory Corruption Vulnerability." Microsoft Internet Explorer versión 6 SP1 y SP2, versión 7 y 8, permiten a los atacantes remotos ejecutar código arbitrario al acceder a un objeto que (1) no se inicializó de manera apropiada (2) se elimina, lo que conlleva a la corrupción de la memoria, relacionada con el objeto CStyleSheet y un contenedor libre de tipo root, que se conoce como "Memory Corruption Vulnerability." This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required in that a target must visit a malicious page. The specific flaw exists within IE's support for the CStyleSheet object. When a style sheet array is created it contains a reference to it's root container. • http://support.avaya.com/css/P8/documents/100089747 http://www.securityfocus.com/archive/1/511727/100/0/threaded http://www.securityfocus.com/bid/40417 http://www.us-cert.gov/cas/techalerts/TA10-159B.html http://www.zerodayinitiative.com/advisories/ZDI-10-102 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-035 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7406 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 1CVE-2010-2118
https://notcve.org/view.php?id=CVE-2010-2118
Microsoft Internet Explorer 6.0.2900.2180 and 8.0.7600.16385 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid news:// URIs. Vulnerabilidad en Microsoft Internet Explorer v6.0.2900.2180 y v8.0.7600.16385 permite a atacantes remotos provocar una denegación de servicio (agotamiento de recursos) a través de código JavaScript que contenga un bucle infinito que crea elementos IFRAME a URIs de tipo news:// • http://websecurity.com.ua/4238 http://www.securityfocus.com/archive/1/511509/100/0/threaded • CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2010-2119
https://notcve.org/view.php?id=CVE-2010-2119
Microsoft Internet Explorer 6.0.2900.2180 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid nntp:// URIs. Vulnerabilidad en Microsoft Internet Explorer v6.0.2900.2180 permite a atacantes remotos causar una denegación de servicio (agotamiento de recursos) a través de código JavaScript que contenga un bucle infinito que crea elementos IFRAME para URIs no válidas de tipo nntp:// • http://websecurity.com.ua/4238 http://www.securityfocus.com/archive/1/511509/100/0/threaded • CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 2CVE-2010-2091 – Microsoft Outlook Web Access (OWA) 8.2.254.0 - Information Disclosure
https://notcve.org/view.php?id=CVE-2010-2091
Microsoft Outlook Web Access (OWA) 8.2.254.0, when Internet Explorer 7 on Windows Server 2003 is used, does not properly handle the id parameter in a Folder IPF.Note action to the default URI, which might allow remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via an invalid value. Microsoft Outlook Web Access (OWA) v8.2.254.0, cuando se usa Internet Explorer 7 sobre Windows Server 2003, no maneja adecuadamente el parámetro "id" en la acción "Folder IPF.Note" a la URI por defecto, lo que podría permitir a atacantes remotos obtener información sensible o llevar a cabo ataques de ejecución de secuencias de comandos en sitios cruzados (XSS) a través de un valor no válido. • https://www.exploit-db.com/exploits/12728 http://www.exploit-db.com/exploits/12728 http://www.securityfocus.com/archive/1/511401/100/0/threaded http://www.securityfocus.com/archive/1/511416/100/0/threaded http://www.securityfocus.com/archive/1/511448/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/58835 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 1CVE-2010-1991
https://notcve.org/view.php?id=CVE-2010-1991
Microsoft Internet Explorer 6.0.2900.2180, 7, and 8.0.7600.16385 executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many IFRAME elements. Microsoft Internet Explorer v6.0.2900.2180, v7 y v8.0.7600.16385 ejecuta una aplicación mail en situaciones dónde un elemento IFRAME tiene un mailto: URL en su atributo SRC lo que permite a atacantes remotos provocar una denegación del servicio (lanzamiento de demasiadas aplicaciones) a través de un documento HTML con varios elementos IFRAME • http://websecurity.com.ua/4206 http://www.securityfocus.com/archive/1/511327/100/0/threaded • CWE-399: Resource Management Errors •