CVSS: 9.3 | EPSS: 88% | CPEs: 23 | EXPL: 0

The Vector Markup Language (VML) implementation in vgx.dll in Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "VML Memory Corruption Vulnerability."

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within vgx.dll while parsing VML objects from the DOM. Specifically, the faulty code exists while handling imagedata parameters during page deconstruction.

• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-052
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12593
• CWE-908: Use of Uninitialized Resource

CVSS: 9.3 | EPSS: 88% | CPEs: 26 | EXPL: 0

Microsoft Internet Explorer 7 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "HTTP Redirect Memory Corruption Vulnerability."

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Internet Explorer handles HTTP 302 redirects to CDL protocols. When Internet Explorer tries to determine who is responsible for handling the protocol redirect, it fails to keep a correct reference counter to a Transaction object, which results in a use-after-free vulnerability.

• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-050
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12405
• CWE-908: Use of Uninitialized Resource

CVSS: 9.3 | EPSS: 97% | CPEs: 26 | EXPL: 1

Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Layout Memory Corruption Vulnerability."

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Internet Explorer handles unusual values for the layout-grid-char style property. Specific values may result in the destruction of a tree node that is still in use during the rendering of the HTML page.

• https://www.exploit-db.com/exploits/17409
• http://securityreason.com/securityalert/8275
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-050
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12308
• http://d0cs4vage.blogspot.com/2011/06/insecticides-dont-kill-bugs-patch.html
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 4.3 | EPSS: 0% | CPEs: 2 | EXPL: 1

Microsoft msxml.dll, as used in Internet Explorer 8 on Windows 7, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function. NOTE: this might overlap CVE-2011-1202.

• http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html
• https://exchange.xforce.ibmcloud.com/vulnerabilities/66835
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12693
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 4.3 | EPSS: 58% | CPEs: 22 | EXPL: 0

Microsoft Internet Explorer 6 and 7 does not properly restrict script access to content from a (1) different domain or (2) different zone, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Javascript Information Disclosure Vulnerability."

• http://www.securityfocus.com/bid/47192
• http://www.securitytracker.com/id?1025327
• http://www.us-cert.gov/cas/techalerts/TA11-102A.html
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-018
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12385
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor