CVSS: 9.3EPSS: 97%CPEs: 26EXPL: 1CVE-2011-1260 – Microsoft Internet Explorer layout-grid-char style Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-1260
Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Layout Memory Corruption Vulnerability." Microsoft Internet Explorer 8 y 9 no maneja adecuadamente los objetos en memoria, lo qeu permite a atacantes remotos ejecutar código de su elección accediendo a un objeto que (1) no haya sido iniciado adecuadamente o (2) sea eleiminado. También se conoce como "Vulnerabilidad de Diseño de Corrupción de Memoria" This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Internet Explorer handles unusual values for the layout-grid-char style property. Specific values may result in the destruction of a tree node that is still in use during the rendering of the HTML page. • https://www.exploit-db.com/exploits/17409 http://securityreason.com/securityalert/8275 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-050 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12308 http://d0cs4vage.blogspot.com/2011/06/insecticides-dont-kill-bugs-patch.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 2%CPEs: 8EXPL: 0CVE-2011-2383
https://notcve.org/view.php?id=CVE-2011-2383
Microsoft Internet Explorer 9 and earlier does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing an http: URL that redirects to a file: URL, as demonstrated by a Facebook game, related to a "cookiejacking" issue, aka "Drag and Drop Information Disclosure Vulnerability." NOTE: this vulnerability exists because of an incomplete fix in the Internet Explorer 9 release. Microsoft Internet Explorer versión 9 y anteriores, no restringen apropiadamente las acciones de arrastrar y soltar en zona cruzada, lo que permite a los atacantes remotos asistidos por el usuario leer archivos de cookies por medio de vectores que involucran un elemento IFRAME con un atributo SRC que contiene una URL http: que redirecciona hacia URL file:, como es demostrado por un juego de Facebook, relacionado con un problema de "cookiejacking", también se conoce como "Drag and Drop Information Disclosure Vulnerability". NOTA: esta vulnerabilidad se presenta debido a una corrección incompleta en la versión 9 de Internet Explorer. • http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=1388 http://ju12.tistory.com/attachment/cfile4.uf%40151FAB4C4DDC9E0002A6FE.ppt http://news.cnet.com/8301-1009_3-20066419-83.html http://www.eweek.com/c/a/Security/IE-Flaw-Lets-Attackers-Steal-Cookies-Access-User-Accounts-402503 http://www.informationweek.com/news/security/vulnerabilities/229700031 http://www.networkworld.com/community/node/74259 http://www.theregister.co.uk/2011/05/25/microsoft_internet_explorer_cookiejacking http://www. • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 68%CPEs: 43EXPL: 0CVE-2010-0490
https://notcve.org/view.php?id=CVE-2010-0490
Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." Microsoft Internet Explorer 6, 6 SP1, 7 y 8 no maneja adecuadamente objetos en memoria, lo que permite a atacantes remotos ejecutar código de su elección mediante el acceso a un objeto que (1) no fue iniciado de manera apropiada o (2) es borrado, lo que lleva a una corrupción de memoria, también conocido como "Uninitialized Memory Corruption Vulnerability." • http://securitytracker.com/id?1023773 http://www.securityfocus.com/bid/39031 http://www.us-cert.gov/cas/techalerts/TA10-068A.html http://www.us-cert.gov/cas/techalerts/TA10-089A.html http://www.vupen.com/english/advisories/2010/0744 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8302 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 87%CPEs: 19EXPL: 0CVE-2010-0492 – Microsoft Internet Explorer TIME2 Behavior Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0492
Use-after-free vulnerability in mstime.dll in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via vectors related to the TIME2 behavior, the CTimeAction object, and destruction of markup, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability." La vulnerabilidad de Uso de la Memoria Previamente Liberada en la biblioteca mstime.dll en Microsoft Internet Explorer 8 permite a los atacantes remotos ejecutar código arbitrario por medio de vectores relacionados con el procedimiento TIME2, el objeto CTimeAction y la destrucción del marcado, lo que conlleva a la corrupción de la memoria, también se conoce como " HTML Object Memory Corruption Vulnerability". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. The issue is located within the CTimeAction object. During handling of the TIME2 behavior, an attacker can trick the application into destroying the markup causing the application to reference memory that has previously been freed. • http://securitytracker.com/id?1023773 http://www.securityfocus.com/archive/1/510506/100/0/threaded http://www.securityfocus.com/bid/39030 http://www.us-cert.gov/cas/techalerts/TA10-068A.html http://www.us-cert.gov/cas/techalerts/TA10-089A.html http://www.vupen.com/english/advisories/2010/0744 http://www.zerodayinitiative.com/advisories/ZDI-10-033 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018 https://oval.cisecurity.org/repository/search/defi • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.3EPSS: 7%CPEs: 45EXPL: 0CVE-2010-0494
https://notcve.org/view.php?id=CVE-2010-0494
Cross-domain vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted HTML document in a situation where the client user drags one browser window across another browser window, aka "HTML Element Cross-Domain Vulnerability." Vulnerabilidad de dominio cruzado en Microsoft Internet Explorer 6, 6 SP1, 7 y 8 permite a atacantes remotos asistidos por el usuario eludir la Política del mismo Origen (Same Origin Policy) y realizar ataques de secuencias de comandos en sitios cruzados (XSS) mediante una un documento HTML manipulado en una situación en la que el usuario cliente arrastra una ventana del navegador a través de otra, también conocido como "HTML Element Cross-Domain Vulnerability." • http://securitytracker.com/id?1023773 http://www.securityfocus.com/bid/39047 http://www.us-cert.gov/cas/techalerts/TA10-068A.html http://www.us-cert.gov/cas/techalerts/TA10-089A.html http://www.vupen.com/english/advisories/2010/0744 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8553 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •