CVSS: 5.8EPSS: 0%CPEs: 22EXPL: 0CVE-2011-1244
https://notcve.org/view.php?id=CVE-2011-1244
Microsoft Internet Explorer 6, 7, and 8 does not enforce intended domain restrictions on content access, which allows remote attackers to obtain sensitive information or conduct clickjacking attacks via a crafted web site, aka "Frame Tag Information Disclosure Vulnerability." Microsoft Internet Explorer 6, 7 y 8 no realiza las restricciones de dominio pretendidas cuando se accede a los contenidos. Esto permite a atacantes remotos obtener información sensible o provocar ataques de clickjacking a través de un sitio web manipulado. También se cono como "Vulnerabilidad de Revelación de Información de Etiquetas de Marco" • http://osvdb.org/71777 http://www.securityfocus.com/bid/47191 http://www.securitytracker.com/id?1025327 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-018 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11926 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 9.3EPSS: 95%CPEs: 22EXPL: 0CVE-2011-0094
https://notcve.org/view.php?id=CVE-2011-0094
Use-after-free vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Layouts Handling Memory Corruption Vulnerability." La vulnerabilidad de Uso de Memoria Previamente Liberada (Use-after-free) en Microsoft Internet Explorer versiones 6 y 7 permite a los atacantes remotos ejecutar código arbitrario mediante el acceso a un objeto que (1) no se inicializó apropiadamente o (2) se elimina, también se conoce como "Layouts Handling Memory Corruption Vulnerability". • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=900 http://www.securitytracker.com/id?1025327 http://www.us-cert.gov/cas/techalerts/TA11-102A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-018 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12463 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 17%CPEs: 2EXPL: 0CVE-2011-1346 – Microsoft Internet Explorer Uninitialized Variable Information Leak Vulnerability
https://notcve.org/view.php?id=CVE-2011-1346
Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Stephen Fewer as the second of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011. Vulnerabilidad sin especificar en Microsoft Internet Explorer 8 en Windows 7 permite a atacantes remotos ejecutar código arbitrario a través de vectores de ataque desconocido, como ha demostrado Stephen Fewer con la segunda de las tres vulnerabilidades encadenadas durante el concurso Pwn2Own en la CanSecWest 2011. This vulnerability allows remote attackers to leak information on vulnerable installations of Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Internet Explorer that allows malicious users to leak information about the memory layout of an Internet Explorer process. When creating a new 'Option' HTML Element, the 'index' field of the object is not set to zero and can be used to leak the location of the global variable table. • http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011 http://twitter.com/aaronportnoy/statuses/45642180118855680 http://twitter.com/msftsecresponse/statuses/45646985998516224 http://www.computerworld.com/s/article/9214002/Safari_IE_hacked_first_at_Pwn2Own http://www.securityfocus.com/bid/46821 http://www.zdnet.com/blog/security/pwn2own-2011-ie8-on-windows-7-hijacked-with-3-vulnerabilities/8367 https://exchange.xforce.ibmcloud.com/vulnerabilities/66063 https://threatpost.com/en_us/blogs/pwn2own-w •
CVSS: 9.3EPSS: 95%CPEs: 2EXPL: 0CVE-2011-1345 – Microsoft Internet Explorer onPropertyChange Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-1345
Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, as demonstrated by Stephen Fewer as the first of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011, aka "Object Management Memory Corruption Vulnerability." Vulnerabilidad sin especificar en Microsoft Internet Explorer 8 en Windows 7 permite a atacantes remotos ejecutar código arbitrario a través de vectores de ataque desconocidos, como ha demostrado Stephen Fewer con la primera de las tres vulnerabilidades encadenadas durante el concurso Pwn2Own en la CanSecWest 2011. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Internet Explorer handles onPropertyChange function calls. When the onPropertyChange event handler is set to an object's attribute collection, it fails to keep an accurate reference counter to the event object. • http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011 http://twitter.com/aaronportnoy/statuses/45642180118855680 http://twitter.com/msftsecresponse/statuses/45646985998516224 http://www.computerworld.com/s/article/9214002/Safari_IE_hacked_first_at_Pwn2Own http://www.securityfocus.com/bid/46821 http://www.securitytracker.com/id?1025327 http://www.us-cert.gov/cas/techalerts/TA11-102A.html http://www.zdnet.com/blog/security/pwn2own-2011-ie8-on-windows-7-hijacked-with-3-vulnerabilities/8367 h •
CVSS: 8.8EPSS: 2%CPEs: 2EXPL: 0CVE-2011-1347 – Microsoft Internet Explorer Protected Mode Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2011-1347
Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to bypass Protected Mode and create arbitrary files by leveraging access to a Low integrity process, as demonstrated by Stephen Fewer as the third of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011. Vulnerabilidad sin especificar en Microsoft Internet Explorer 8 en Windows 7 permite a atacantes remotos evitar el modo protegido ("Protected Mode") y crear archivos arbitrarios utilizando el acceso a un proceso de baja integridad, como ha demostrado Stephen Fewer en una de las tres vulnerabilidades encadenadas durante el concurso Pwn2Own y CanSecWest 2011. This vulnerability allows remote attackers to escape Protected Mode on vulnerable installations of Internet Explorer. Internet Explorer Protected Mode consists of a Medium Integrity and a Low Integrity process. The Low Integrity process is only allowed to write to special Low Integrity locations. File written there are marked as Low Integrity files. • http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011 http://twitter.com/aaronportnoy/statuses/45642180118855680 http://twitter.com/msftsecresponse/statuses/45646985998516224 http://www.computerworld.com/s/article/9214002/Safari_IE_hacked_first_at_Pwn2Own http://www.securityfocus.com/bid/46821 http://www.zdnet.com/blog/security/pwn2own-2011-ie8-on-windows-7-hijacked-with-3-vulnerabilities/8367 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-057 https://exchange.xfor •