CVE-2011-1260 – Microsoft Internet Explorer layout-grid-char style Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-1260
Microsoft Internet Explorer 8 and 9 do not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) has already been deleted, aka "Layout Memory Corruption Vulnerability." This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Internet Explorer. User interaction is required: the target must visit a malicious page or open a malicious file. The specific flaw exists in the way Internet Explorer handles unusual values for the layout-grid-char style property. Specific values can cause a layout tree node to be destroyed while it is still in use during rendering of the HTML page, so later rendering touches freed memory. • https://www.exploit-db.com/exploits/17409 http://securityreason.com/securityalert/8275 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-050 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12308 http://d0cs4vage.blogspot.com/2011/06/insecticides-dont-kill-bugs-patch.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2011-1271 – Microsoft .NET Framework JIT Compiler - Optimization NULL String Remote Code Execution
https://notcve.org/view.php?id=CVE-2011-1271
The JIT compiler in Microsoft .NET Framework 3.5 Gold and SP1, 3.5.1, and 4.0, when IsJITOptimizerDisabled is false (i.e. the assembly is JIT-optimized, the default for release builds), does not properly handle expressions involving null strings, which allows context-dependent attackers to bypass intended access restrictions and consequently execute arbitrary code, in opportunistic circumstances, by leveraging a crafted application, as demonstrated by (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework JIT Optimization Vulnerability." • https://www.exploit-db.com/exploits/35740 http://stackoverflow.com/questions/2135509/bug-only-occurring-when-compile-optimization-enabled https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-044 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12686 • CWE-264: Permissions, Privileges, and Access Controls • CWE-476: NULL Pointer Dereference •
CVE-2011-1248 – Microsoft WINS Service Failed Response Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-1248
WINS in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R2, and R2 SP1 does not properly handle socket send exceptions, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted packets, related to unintended stack-frame values and buffer passing, aka "WINS Service Failed Response Vulnerability." This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows Internet Name Service (WINS). Authentication is not required to exploit this vulnerability. The specific flaw exists within the wins.exe service distributed with Microsoft Windows Server 2003 (the bulletin also covers Server 2008). This service resolves NetBIOS name requests and accepts connections on TCP port 42, so the service is reachable by any host that can connect to that port. • https://www.exploit-db.com/exploits/17830 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-035 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12724 • CWE-20: Improper Input Validation •
CVE-2010-4562
https://notcve.org/view.php?id=CVE-2010-4562
Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, allow remote attackers on the same link to determine whether a host is sniffing the network (its interface is in promiscuous mode) by sending an ICMPv6 Echo Request to a multicast address and checking whether an Echo Reply comes back, as demonstrated by thcping. NOTE: due to a typo, some sources map CVE-2010-4562 to a ProFTPD mod_sql vulnerability, but that issue is covered by CVE-2010-4652. • http://seclists.org/dailydave/2011/q2/25 http://seclists.org/fulldisclosure/2011/Apr/254 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
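The probe described above, as an added example that is not part of this page or of thc-ipv6/thcping. It assumes the detection mechanism is a link-layer mismatch: the ICMPv6 Echo Request is addressed to the multicast group ff02::1 but carried in an Ethernet frame whose destination MAC is a unicast address nobody owns (02:00:00:00:00:fe here, an arbitrary choice), so a NIC in normal mode drops the frame in hardware while a NIC in promiscuous mode passes it to a stack that replies without re-checking the link-layer destination. The frame builder, checksum and reply parser run offline; run_probe is Linux-only, needs CAP_NET_RAW, and takes the interface, source MAC and source IPv6 address as arguments.

```python
"""Promiscuous-mode detection over IPv6 (constructed example, not the original tool)."""
import ipaddress
import socket
import struct
import time

ETHERTYPE_IPV6 = 0x86DD
IPPROTO_ICMPV6 = 58
ICMPV6_ECHO_REQUEST = 128
ICMPV6_ECHO_REPLY = 129
PROBE_IDENT = 0x1337
# Assumed bogus unicast destination MAC: no normal NIC accepts it, a sniffing one does.
BOGUS_DST_MAC = bytes.fromhex("0200000000fe")


def ipv6_multicast_mac(addr: str) -> bytes:
    """RFC 2464 mapping an IPv6 multicast group normally uses: 33:33 + low 32 bits."""
    return b"\x33\x33" + ipaddress.IPv6Address(addr).packed[-4:]


def icmpv6_checksum(src: bytes, dst: bytes, msg: bytes) -> int:
    """One's-complement checksum over the IPv6 pseudo-header and the ICMPv6 message.
    Feeding it a message that already carries a correct checksum returns 0."""
    pseudo = src + dst + struct.pack("!I", len(msg)) + b"\x00\x00\x00" + bytes([IPPROTO_ICMPV6])
    data = pseudo + msg
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_probe(src_mac: bytes, dst_mac: bytes, src_ip: str, dst_ip: str,
                icmp_type: int = ICMPV6_ECHO_REQUEST, ident: int = PROBE_IDENT,
                seq: int = 1, payload: bytes = b"sniffer-probe") -> bytes:
    """Ethernet + IPv6 + ICMPv6 Echo frame; dst_mac is deliberately independent of dst_ip."""
    src = ipaddress.IPv6Address(src_ip).packed
    dst = ipaddress.IPv6Address(dst_ip).packed
    icmp = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq) + payload
    icmp = icmp[:2] + struct.pack("!H", icmpv6_checksum(src, dst, icmp)) + icmp[4:]
    ip6 = struct.pack("!IHBB", 0x60000000, len(icmp), IPPROTO_ICMPV6, 255) + src + dst
    return dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IPV6) + ip6 + icmp


def parse_echo_reply(frame: bytes, ident: int = PROBE_IDENT):
    """Return the replying host's IPv6 address if frame is an Echo Reply to our probe, else None."""
    if len(frame) < 14 + 40 + 8 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV6:
        return None
    ip6 = frame[14:54]
    if ip6[6] != IPPROTO_ICMPV6:
        return None
    plen = struct.unpack("!H", ip6[4:6])[0]
    icmp = frame[54:54 + plen]
    if len(icmp) < 8:
        return None
    itype, _code, _csum, rid, _seq = struct.unpack("!BBHHH", icmp[:8])
    if itype != ICMPV6_ECHO_REPLY or rid != ident:
        return None
    src, dst = ip6[8:24], ip6[24:40]
    if icmpv6_checksum(src, dst, icmp) != 0:  # damaged or forged reply
        return None
    return str(ipaddress.IPv6Address(src))


def run_probe(iface: str, src_mac: bytes, src_ip: str, timeout: float = 2.0):
    """Send the probe on iface and return the addresses that answered (Linux, needs CAP_NET_RAW)."""
    sock = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(0x0003))
    sock.bind((iface, 0))
    sock.settimeout(0.2)
    sock.send(build_probe(src_mac, BOGUS_DST_MAC, src_ip, "ff02::1"))
    answered, deadline = set(), time.time() + timeout
    while time.time() < deadline:
        try:
            who = parse_echo_reply(sock.recv(65535))
        except socket.timeout:
            continue
        if who:
            answered.add(who)
    return sorted(answered)


if __name__ == "__main__":
    import sys
    # usage: sudo python3 probe.py eth0 02:00:00:00:00:01 fe80::1
    iface, mac, ip = sys.argv[1], bytes.fromhex(sys.argv[2].replace(":", "")), sys.argv[3]
    for host in run_probe(iface, mac, ip):
        print("replied to a frame its NIC should have dropped:", host)
```

A reply is a strong hint rather than proof: anything that receives every frame for other reasons (a bridge port, a virtual switch delivering all traffic to a guest, a mirrored port) answers the same way, so confirm on the host before acting on the result.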
CVE-2011-0676
https://notcve.org/view.php?id=CVE-2011-0676
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than the other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability." • http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx http://secunia.com/advisories/44156 http://support.avaya.com/css/P8/documents/100133352 http://www.securityfocus.com/bid/47220 http://www.securitytracker.com/id?1025345 http://www.us-cert.gov/cas/techalerts/TA11-102A.html http://www.vupen.com/english/advisories/2011/0952 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-034 https://excha •