CVSS: 10.0EPSS: 97%CPEs: 6EXPL: 2CVE-2010-0805 – Microsoft Internet Explorer Tabular Data Control ActiveX Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0805
The Tabular Data Control (TDC) ActiveX control in Microsoft Internet Explorer 5.01 SP4, 6 on Windows XP SP2 and SP3, and 6 SP1 allows remote attackers to execute arbitrary code via a long URL (DataURL parameter) that triggers memory corruption in the CTDCCtl::SecurityCHeckDataURL function, aka "Memory Corruption Vulnerability." El control ActiveX de Tabular Data Control (TDC) en Internet Explorer de Microsoft versiones 5.01 SP4, 6 sobre Windows XP SP2 y SP3, y versión 6 SP1, permite a los atacantes remotos ejecutar código arbitrario por medio de una URL larga (parámetro DataURL) que desencadena corrupción de memoria en la función CTDCCtl::SecurityCHeckDataURL, también se conoce como "Memory Corruption Vulnerability". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer 6. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the Tabular Data Control ActiveX module. Specifically, if provided a malicious DataURL parameter a stack corruption may occur in the function CTDCCtl::SecurityCHeckDataURL. • https://www.exploit-db.com/exploits/12032 https://www.exploit-db.com/exploits/16567 http://securitytracker.com/id?1023773 http://www.securityfocus.com/archive/1/510507/100/0/threaded http://www.securityfocus.com/bid/39025 http://www.us-cert.gov/cas/techalerts/TA10-068A.html http://www.us-cert.gov/cas/techalerts/TA10-089A.html http://www.vupen.com/english/advisories/2010/0744 http://www.zerodayinitiative.com/advisories/ZDI-10-034 https://docs.microsoft.com/en-us/ • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 93%CPEs: 9EXPL: 0CVE-2010-0491
https://notcve.org/view.php?id=CVE-2010-0491
Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 6 SP1 allows remote attackers to execute arbitrary code by changing unspecified properties of an HTML object that has an onreadystatechange event handler, aka "HTML Object Memory Corruption Vulnerability." Vulnerabilidad de uso despues de liberación en Microsoft Internet Explorer 5.01 SP4, 6 y 6 SP1, permite a atacantes remotos ejecutar código de su elección cambiando propiedades no especificadas de un objeto HTML que tiene un gestor de evento "onreadystatechange", también conocido como "HTML Object Memory Corruption Vulnerability." • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=864 http://securitytracker.com/id?1023773 http://www.securityfocus.com/bid/39027 http://www.us-cert.gov/cas/techalerts/TA10-068A.html http://www.us-cert.gov/cas/techalerts/TA10-089A.html http://www.vupen.com/english/advisories/2010/0744 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8421 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 1CVE-2010-1175 – Microsoft Internet Explorer - XML Parsing Buffer Overflow
https://notcve.org/view.php?id=CVE-2010-1175
Microsoft Internet Explorer 7.0 on Windows XP and Windows Server 2003 allows remote attackers to have an unspecified impact via a certain XML document that references a crafted web site in the SRC attribute of an image element, related to a "0day Vulnerability." Microsoft Internet Explorer v7.0 en Windows XP y Windows Server 2003 permite a atacantes remotos tener un impacto sin especificar a través de ciertos documentos XML que hacen referencia a sitios web modificados en el atributo SRC de un elemento image. Relacionado con una "0day Vulnerability" (vulnerabilidad sin parchear). • https://www.exploit-db.com/exploits/7477 http://www.securityfocus.com/archive/1/510280/100/0/threaded •
CVSS: 10.0EPSS: 13%CPEs: 2EXPL: 1CVE-2010-1118
https://notcve.org/view.php?id=CVE-2010-1118
Unspecified vulnerability in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a use-after-free issue, as demonstrated by Peter Vreugdenhil during a Pwn2Own competition at CanSecWest 2010. Vulnerabilidad no especificada en Internet Explorer 8 en Microsoft Windows 7 permite a atacantes remotos ejecutar código de su elección a través de vectores desconocidos, puede que esté relacionado con un problema de uso después de la liberación (use-after-free), como ha demostrado Peter Vreugdenhil en la competición Pwn2Own de CanSecWest 2010. • http://dvlabs.tippingpoint.com/blog/2010/02/15/pwn2own-2010 http://news.cnet.com/8301-27080_3-20001126-245.html http://twitter.com/thezdi/statuses/11003801960 http://vreugdenhilresearch.nl/Pwn2Own-2010-Windows7-InternetExplorer8.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/57197 •
CVSS: 7.6EPSS: 1%CPEs: 2EXPL: 1CVE-2010-1117
https://notcve.org/view.php?id=CVE-2010-1117
Heap-based buffer overflow in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to discover the base address of a Windows .dll file, and possibly have unspecified other impact, via unknown vectors, as demonstrated by Peter Vreugdenhil during a Pwn2Own competition at CanSecWest 2010. Desbordamiento de búfer basado en memoria dinámica (heap) en Internet Explorer 8 sobre Microsoft Windows 7, permite a atacantes remotos descubrir la ubicación de un archivo .dll y posiblemente tener otro impacto a través de vectores desconocidos, como ha demostrado Peter Vreugdenhil durante la competición Pwn2Own en CanSecWest 2010. • http://dvlabs.tippingpoint.com/blog/2010/02/15/pwn2own-2010 http://news.cnet.com/8301-27080_3-20001126-245.html http://twitter.com/thezdi/statuses/11003801960 http://vreugdenhilresearch.nl/Pwn2Own-2010-Windows7-InternetExplorer8.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/57196 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •