CVSS: 9.3EPSS: 82%CPEs: 5EXPL: 0CVE-2008-2258 – Microsoft Internet Explorer Table Layout Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2008-2258
Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory in certain conditions, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to a document object "appended in a specific order" with "particular functions ... performed on" document objects, aka "HTML Objects Memory Corruption Vulnerability" or "Table Layout Memory Corruption Vulnerability," a different vulnerability than CVE-2008-2257. Internet Explorer de Microsoft versiones 5.01, 6 y 7, accede a la memoria no inicializada en determinadas condiciones, lo que permite a los atacantes remotos causar una denegación de servicio (bloqueo) y ejecutar código arbitrario por medio de vectores relacionados con un objeto de documento "appended in a specific order" con "particular functions ... performed on", también se conoce como "HTML Objects Memory Corruption Vulnerability" o "Table Layout Memory Corruption Vulnerability", una vulnerabilidad diferente de CVE-2008-2257. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the handling of document objects. When an object is appended in a specific order and particular functions are performed on these objects memory corruption occurs. • http://marc.info/?l=bugtraq&m=121915960406986&w=2 http://secunia.com/advisories/31375 http://www.securityfocus.com/archive/1/495431/100/0/threaded http://www.securityfocus.com/bid/30610 http://www.securitytracker.com/id?1020674 http://www.us-cert.gov/cas/techalerts/TA08-225A.html http://www.vupen.com/english/advisories/2008/2349 http://www.zerodayinitiative.com/advisories/ZDI-08-051 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-045 https:/ • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 82%CPEs: 5EXPL: 0CVE-2008-2257 – Microsoft Internet Explorer XHTML Rendering Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2008-2257
Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory in certain conditions, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to a document object "appended in a specific order," aka "HTML Objects Memory Corruption Vulnerability" or "XHTML Rendering Memory Corruption Vulnerability," a different vulnerability than CVE-2008-2258. Internet Explorer de Microsoft versiones 5.01, 6 y 7, accede a la memoria no inicializada en determinadas condiciones, lo que permite a los atacantes remotos causar una denegación de servicio (bloqueo) y ejecutar código arbitrario por medio de vectores relacionados con un objeto de documento "appended in a specific order", también se conoce como "HTML Objects Memory Corruption Vulnerability" o "XHTML Rendering Memory Corruption Vulnerability", una vulnerabilidad diferente de CVE-2008-2258. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the handling of document objects. When an object is appended in a specific order, memory corruption occurs. • http://marc.info/?l=bugtraq&m=121915960406986&w=2 http://secunia.com/advisories/31375 http://www.securityfocus.com/archive/1/495430/100/0/threaded http://www.securityfocus.com/bid/30613 http://www.securitytracker.com/id?1020674 http://www.us-cert.gov/cas/techalerts/TA08-225A.html http://www.vupen.com/english/advisories/2008/2349 http://www.zerodayinitiative.com/advisories/ZDI-08-050 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-045 https:/ • CWE-399: Resource Management Errors •
CVSS: 6.8EPSS: 3%CPEs: 2EXPL: 1CVE-2008-2949 – Microsoft Internet Explorer 7/8 Beta 1 - Frame Location Cross Domain Security Bypass
https://notcve.org/view.php?id=CVE-2008-2949
Cross-domain vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to change the location property of a frame via the String data type, and use a frame from a different domain to observe domain-independent events, as demonstrated by observing onkeydown events with caballero-listener. NOTE: according to Microsoft, this is a duplicate of CVE-2008-2947, possibly a different attack vector. Una vulnerabilidad de tipo cross-domain en Microsoft Internet Explorer versiones 6 y 7, permite a los atacantes remotos cambiar la propiedad de ubicación de una trama por medio del tipo de dato String y usar una trama de un dominio diferente para observar eventos independientes del dominio, como es demostrado mediante la observación de eventos onkeydown con caballero-listener. NOTA: según Microsoft, este es un duplicado del CVE-2008-2947, posiblemente un vector de ataque diferente. • https://www.exploit-db.com/exploits/31996 http://blogs.zdnet.com/security/?p=1348 http://sirdarckcat.blogspot.com/2008/05/browsers-ghost-busters.html http://technet.microsoft.com/en-us/security/cc405107.aspx#EHD http://www.kb.cert.org/vuls/id/516627 http://www.vupen.com/english/advisories/2008/1941/references •
CVSS: 6.8EPSS: 95%CPEs: 3EXPL: 1CVE-2008-2947
https://notcve.org/view.php?id=CVE-2008-2947
Cross-domain vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 7 allows remote attackers to access restricted information from other domains via JavaScript that uses the Object data type for the value of a (1) location or (2) location.href property, related to incorrect determination of the origin of web script, aka "Window Location Property Cross-Domain Vulnerability." NOTE: according to Microsoft, CVE-2008-2948 and CVE-2008-2949 are duplicates of this issue, probably different attack vectors. Vulnerabilidad de dominios cruzados en Microsoft Internet Explorer 6 permite a atacantes remotos acceder a información restringida de otros dominios a través de JavaScript que utiliza tipos de datos Object para el valor de una propiedad (1) location o (2) location.href. • http://blogs.zdnet.com/security/?p=1348 http://marc.info/?l=bugtraq&m=122479227205998&w=2 http://secunia.com/advisories/30857 http://www.kb.cert.org/vuls/id/923508 http://www.ph4nt0m.org-a.googlepages.com/PSTZine_0x02_0x04.txt http://www.securityfocus.com/bid/29960 http://www.securitytracker.com/id?1020382 http://www.us-cert.gov/cas/techalerts/TA08-288A.html http://www.vupen.com/english/advisories/2008/1940/references http://www.vupen.com/english/advisories/ • CWE-284: Improper Access Control •
CVSS: 9.3EPSS: 68%CPEs: 2EXPL: 0CVE-2008-1442 – Microsoft Internet Explorer DOM Object substringData() Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2008-1442
Heap-based buffer overflow in the substringData method in Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code, related to an unspecified manipulation of a DOM object before a call to this method, aka the "HTML Objects Memory Corruption Vulnerability." Desbordamiento de búfer basado en montículo en el método substringData en Microsoft Internet Explorer 6 y 7 permite a atacantes remotos ejecutar código de su elección a través de, lo que esta relacionado con un manipulación no específica de un objeto DOM antes de una llamada a este método, también conocida como "Vulnerabilidad de corrupción de memoria por objetos HTML" This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of various Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the substringData() method when called on a DOM object that has been manipulated in a special way. The attack results in an exploitable heap buffer allowing for code execution under the context of the current user. • http://marc.info/?l=bugtraq&m=121380194923597&w=2 http://secunia.com/advisories/30575 http://securityreason.com/securityalert/3934 http://securitytracker.com/id?1020225 http://www.securityfocus.com/archive/1/493253/100/0/threaded http://www.securityfocus.com/bid/29556 http://www.us-cert.gov/cas/techalerts/TA08-162B.html http://www.vupen.com/english/advisories/2008/1778 http://www.zerodayinitiative.com/advisories/ZDI-08-039 https://docs.microsoft.com/en-us/security-updates&#x • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •