CVSS: 9.3EPSS: 86%CPEs: 40EXPL: 0CVE-2011-0036
https://notcve.org/view.php?id=CVE-2011-0036
Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, related to a "dangling pointer," aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2010-2556 and CVE-2011-0035. Microsoft Internet Explorer 6, 7 y 8 no controlan correctamente los objetos en la memoria, lo que permite a atacantes remotos ejecutar código arbitrario mediante el acceso a un objeto que (1) no se ha inicializado correctamente o (2) se ha eliminado, lo que provoca que la memoria se corrompa. Esta vulnerabilidad está relacionada con un "dangling pointer" o "Uninitialized Memory Corruption Vulnerability", que es una vulnerabilidad diferente de CVE-2010-2556 y CVE-2011-0035. • http://osvdb.org/70832 http://support.avaya.com/css/P8/documents/100127294 http://www.securityfocus.com/bid/46158 http://www.securitytracker.com/id?1025038 http://www.vupen.com/english/advisories/2011/0318 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-003 https://exchange.xforce.ibmcloud.com/vulnerabilities/64912 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12261 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 95%CPEs: 18EXPL: 0CVE-2011-0038
https://notcve.org/view.php?id=CVE-2011-0038
Untrusted search path vulnerability in Microsoft Internet Explorer 8 might allow local users to gain privileges via a Trojan horse IEShims.dll in the current working directory, as demonstrated by a Desktop directory that contains an HTML file, aka "Internet Explorer Insecure Library Loading Vulnerability." La vulnerabilidad de la ruta de búsqueda no confiable en Microsoft Internet Explorer 8 permitiría a los usuarios locales alcanzar privilegios por medio de la biblioteca IEShims.dll de tipo caballo de Troya en el directorio de trabajo actual, como es demostrado por un directorio de escritorio que contiene un archivo HTML, también se conoce como "Internet Explorer Insecure Library Loading Vulnerability". • http://osvdb.org/70833 http://support.avaya.com/css/P8/documents/100127294 http://www.fortiguard.com/advisory/FGA-2011-04.html http://www.securityfocus.com/bid/46159 http://www.securitytracker.com/id?1025038 http://www.vupen.com/english/advisories/2011/0318 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-003 https://exchange.xforce.ibmcloud.com/vulnerabilities/64913 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12270 •
CVSS: 9.3EPSS: 69%CPEs: 40EXPL: 0CVE-2011-0346
https://notcve.org/view.php?id=CVE-2011-0346
Use-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the DOM implementation and the BreakAASpecial and BreakCircularMemoryReferences functions, as demonstrated by cross_fuzz, aka "MSHTML Memory Corruption Vulnerability." Vulnerabilidad de Uso de la Memoria Previamente Liberada en la función ReleaseInterface de la biblioteca MSHTML.dll en Microsoft Internet Explorer versiones 6, 7 y 8 permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (bloqueo de aplicación) por medio de vectores relacionados con la implementación DOM y las funciones BreakAASpecial y BreakCircularMemoryReferences, como es demostrado por cross_fuzz, también se conoce como "MSHTML Memory Corruption Vulnerabilityā€¯. • http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0698.html http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx http://lcamtuf.blogspot.com/2011/01/announcing-crossfuzz-potential-0-day-in.html http://lcamtuf.coredump.cx/cross_fuzz/fuzzer_timeline.txt http://lcamtuf.coredump.cx/cross_fuzz/known_vuln.txt http://lcamtuf.coredump.cx/cross_fuzz/msie_crash.txt http://www.kb.cert.org/vuls/id/427980 h • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVSS: 9.3EPSS: 97%CPEs: 2EXPL: 9CVE-2010-3971 – Microsoft Internet Explorer 8 - CSS Parser Denial of Service
https://notcve.org/view.php?id=CVE-2010-3971
Use-after-free vulnerability in the CSharedStyleSheet::Notify function in the Cascading Style Sheets (CSS) parser in mshtml.dll, as used in Microsoft Internet Explorer 6 through 8 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a self-referential @import rule in a stylesheet, aka "CSS Memory Corruption Vulnerability." Vulnerabilidad de uso después de liberación en la función CSharedStyleSheet::Notify en el parseado Cascading Style Sheets (CSS) en mshtml.dll, como el usado en Microsoft Internet Explorer v7 y v8 y probablemente otros productos, permite a atacantes remotos causar una denegación de servicio (caída) y ejecutar código de su elección a través de multiples llamdas @import en un documento manipulado. • https://www.exploit-db.com/exploits/15708 https://www.exploit-db.com/exploits/15746 https://www.exploit-db.com/exploits/16533 https://github.com/nektra/CVE-2010-3971-hotpatch http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx http://seclists.org/fulldisclosure/2010/Dec/110 http://secunia.com/advisories/42510 http://support.avaya.com/css/P8/documents/100127294 http://www.breakingpointsystems.com/commun • CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 1%CPEs: 14EXPL: 0CVE-2010-3342
https://notcve.org/view.php?id=CVE-2010-3342
Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of cached content as HTML, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Cross-Domain Information Disclosure Vulnerability," a different vulnerability than CVE-2010-3348. Microsoft Internet Explorer 6, 7 y 8 no previene el renderizado del contenido cacheado como HTML, lo que permite a atacantes remotos acceder al contenido a través de un (1)dominio distinto o (2) zona diferente a través de una secuencia de comandos no especificada. También conocida como "Cross-Domain Information Disclosure Vulnerability". Vulnerabilidad distinta de CVE-2010-3348. • http://www.securitytracker.com/id?1024872 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11447 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •