CVSS: 7.8EPSS: 1%CPEs: 15EXPL: 0CVE-2011-1869
https://notcve.org/view.php?id=CVE-2011-1869
The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote DFS servers to cause a denial of service (system hang) via a crafted referral response, aka "DFS Referral Response Vulnerability." La implementación Distributed File System (DFS) en Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP1 y SP2, Windows Server 2008 Gold, SP2, R2, y R2 SP1, y Windows 7 Gold y SP1, permite a servidores DFS remotos provocar una denegación de servicio (cuelgue de sistema) a través de una respuesta de un referido manipulada. • http://secunia.com/advisories/44894 http://secunia.com/advisories/44948 http://www.securityfocus.com/bid/48187 http://www.securitytracker.com/id?1025639 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-042 https://exchange.xforce.ibmcloud.com/vulnerabilities/67727 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12640 • CWE-399: Resource Management Errors •
CVSS: 7.2EPSS: 0%CPEs: 16EXPL: 3CVE-2011-1249 – Microsoft Windows - 'afd.sys' Local Kernel (PoC) (MS11-046)
https://notcve.org/view.php?id=CVE-2011-1249
The Ancillary Function Driver (AFD) in afd.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability." La función del controlador auxiliar (AFD)en afd.sys de Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP1 y SP2, Windows Server 2008 Gold, Service Pack 2, R2 y R2 SP1, y Windows 7 y SP1 no valida correctamente la entrada en modo usuario,lo que permite a usuarios locales conseguir privilegios a través de una aplicación manipulada, también conocido como "Vulnerabilidad de elebación de privilegios de la función del controlador auxiliar" • https://www.exploit-db.com/exploits/18755 https://www.exploit-db.com/exploits/40564 https://github.com/N3rdyN3xus/CVE-2011-1249 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-046 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12731 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 30%CPEs: 22EXPL: 0CVE-2011-1254
https://notcve.org/view.php?id=CVE-2011-1254
Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Drag and Drop Memory Corruption Vulnerability." Microsoft Internet Explorer v6 a la v8 no manejan adecuadamente los objetos en memoria, lo que permite a atacantes remotos ejecutar código de su elección accediendo a un objeto que (1) no ha sido iniciado adecuadamente o (2) es borrado. • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-050 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12368 • CWE-908: Use of Uninitialized Resource •
CVSS: 4.3EPSS: 0%CPEs: 22EXPL: 0CVE-2011-1258
https://notcve.org/view.php?id=CVE-2011-1258
Microsoft Internet Explorer 6 through 8 does not properly restrict web script, which allows user-assisted remote attackers to obtain sensitive information from a different (1) domain or (2) zone via vectors involving a drag-and-drop operation, aka "Drag and Drop Information Disclosure Vulnerability." Microsoft Internet Explorer 6 hasta la 8, no restringe correctamente el script web, permitiendo a atacantes remotos asistidos por el usuario obtener información confidencial de otro (1) dominio o (2) zona a través de vectores que implican una operación de "arrastrar y soltar", también conocido como "Vulnerabilidad de revelación de información de arrastrar y soltar" • http://blogs.technet.com/b/msrc/archive/2011/06/09/june-advance-notification-service-and-10-immutable-laws-revisited.aspx https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-050 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12495 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 4.3EPSS: 93%CPEs: 34EXPL: 0CVE-2011-1252 – Microsoft Internet Explorer toStaticHTML Information Disclosure
https://notcve.org/view.php?id=CVE-2011-1252
Cross-site scripting (XSS) vulnerability in the SafeHTML function in the toStaticHTML API in Microsoft Internet Explorer 7 and 8, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified strings, aka "toStaticHTML Information Disclosure Vulnerability" or "HTML Sanitization Vulnerability." Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS)en toStaticHTML API en Microsoft Internet Explorer v7 y v8, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de cadenas no especificadas. Microsoft Internet Explorer versions 8 and 9 can have the toStaticHTML function bypassed by a specially formed CSS. • http://www.us-cert.gov/cas/techalerts/TA11-256A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-050 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12577 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12885 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •