CVSS: 10.0EPSS: 87%CPEs: 19EXPL: 0CVE-2010-0492 – Microsoft Internet Explorer TIME2 Behavior Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0492
Use-after-free vulnerability in mstime.dll in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via vectors related to the TIME2 behavior, the CTimeAction object, and destruction of markup, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability." La vulnerabilidad de Uso de la Memoria Previamente Liberada en la biblioteca mstime.dll en Microsoft Internet Explorer 8 permite a los atacantes remotos ejecutar código arbitrario por medio de vectores relacionados con el procedimiento TIME2, el objeto CTimeAction y la destrucción del marcado, lo que conlleva a la corrupción de la memoria, también se conoce como " HTML Object Memory Corruption Vulnerability". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. The issue is located within the CTimeAction object. During handling of the TIME2 behavior, an attacker can trick the application into destroying the markup causing the application to reference memory that has previously been freed. • http://securitytracker.com/id?1023773 http://www.securityfocus.com/archive/1/510506/100/0/threaded http://www.securityfocus.com/bid/39030 http://www.us-cert.gov/cas/techalerts/TA10-068A.html http://www.us-cert.gov/cas/techalerts/TA10-089A.html http://www.vupen.com/english/advisories/2010/0744 http://www.zerodayinitiative.com/advisories/ZDI-10-033 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018 https://oval.cisecurity.org/repository/search/defi • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.3EPSS: 7%CPEs: 45EXPL: 0CVE-2010-0494
https://notcve.org/view.php?id=CVE-2010-0494
Cross-domain vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted HTML document in a situation where the client user drags one browser window across another browser window, aka "HTML Element Cross-Domain Vulnerability." Vulnerabilidad de dominio cruzado en Microsoft Internet Explorer 6, 6 SP1, 7 y 8 permite a atacantes remotos asistidos por el usuario eludir la Política del mismo Origen (Same Origin Policy) y realizar ataques de secuencias de comandos en sitios cruzados (XSS) mediante una un documento HTML manipulado en una situación en la que el usuario cliente arrastra una ventana del navegador a través de otra, también conocido como "HTML Element Cross-Domain Vulnerability." • http://securitytracker.com/id?1023773 http://www.securityfocus.com/bid/39047 http://www.us-cert.gov/cas/techalerts/TA10-068A.html http://www.us-cert.gov/cas/techalerts/TA10-089A.html http://www.vupen.com/english/advisories/2010/0744 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-018 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8553 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 13%CPEs: 2EXPL: 1CVE-2010-1118
https://notcve.org/view.php?id=CVE-2010-1118
Unspecified vulnerability in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a use-after-free issue, as demonstrated by Peter Vreugdenhil during a Pwn2Own competition at CanSecWest 2010. Vulnerabilidad no especificada en Internet Explorer 8 en Microsoft Windows 7 permite a atacantes remotos ejecutar código de su elección a través de vectores desconocidos, puede que esté relacionado con un problema de uso después de la liberación (use-after-free), como ha demostrado Peter Vreugdenhil en la competición Pwn2Own de CanSecWest 2010. • http://dvlabs.tippingpoint.com/blog/2010/02/15/pwn2own-2010 http://news.cnet.com/8301-27080_3-20001126-245.html http://twitter.com/thezdi/statuses/11003801960 http://vreugdenhilresearch.nl/Pwn2Own-2010-Windows7-InternetExplorer8.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/57197 •
CVSS: 7.6EPSS: 30%CPEs: 10EXPL: 3CVE-2010-0917
https://notcve.org/view.php?id=CVE-2010-0917
Stack-based buffer overflow in VBScript in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, might allow user-assisted remote attackers to execute arbitrary code via a long string in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution when the F1 key is pressed, a different vulnerability than CVE-2010-0483. Desbordamiento de búfer basado en pila en VBScript en Microsoft Windows 2000 SP4, XP SP2 y SP3 y Server 2003 SP2, al usar Internet Explorer, puede permitir a atacantes remotos asistidos por el usuario ejecutar código de su elección mediante una cadena larga en el cuarto argumento (alias argumento helpfile) para una función MsgBox, que conduce a la ejecución de código cuando se pulsa la tecla F1, una vulnerabilidad diferente a CVE-2010-0483. • http://blogs.technet.com/msrc/archive/2010/03/01/security-advisory-981169-released.aspx http://isec.pl/vulnerabilities/isec-0027-msgbox-helpfile-ie.txt http://isec.pl/vulnerabilities10.html http://www.microsoft.com/technet/security/advisory/981169.mspx http://www.securityfocus.com/bid/38473 http://www.theregister.co.uk/2010/03/01/ie_code_execution_bug https://exchange.xforce.ibmcloud.com/vulnerabilities/56560 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.6EPSS: 97%CPEs: 10EXPL: 6CVE-2010-0483 – Microsoft Internet Explorer - 'Winhlp32.exe' MsgBox Code Execution (MS10-023)
https://notcve.org/view.php?id=CVE-2010-0483
vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local pathname, (2) UNC share pathname, or (3) WebDAV server with a crafted .hlp file in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution involving winhlp32.exe when the F1 key is pressed, aka "VBScript Help Keypress Vulnerability." La biblioteca VBScript.dll en VBScript versiones 5.1, 5.6, 5.7 y 5.8 en Microsoft Windows 2000 SP4, XP SP2 y SP3, y Server 2003 SP2, cuando se utiliza Internet Explorer, permite a atacantes remotos asistidos por el usuario ejecutar código arbitrario mediante referencia a un (1) nombre de ruta local, (2) nombre de ruta (pathname) compartida UNC , o (3) servidor WebDAV con un archivo .hlp creado en el argumento fourth (también se conoce como argumento HelpFile) a la función MsgBox, lo que conlleva a la ejecución de código que implica WinHlp32.exe cuando se presiona la tecla F1, también conocida como "VBScript Help Keypress Vulnerability". • https://www.exploit-db.com/exploits/16541 https://www.exploit-db.com/exploits/11615 http://blogs.technet.com/msrc/archive/2010/02/28/investigating-a-new-win32hlp-and-internet-explorer-issue.aspx http://blogs.technet.com/msrc/archive/2010/03/01/security-advisory-981169-released.aspx http://blogs.technet.com/srd/archive/2010/03/01/help-keypress-vulnerability-in-vbscript-enabling-remote-code-execution.aspx http://isec.pl/vulnerabilities/isec-0027-msgbox-helpfile-ie.txt http://isec.pl/vulnera • CWE-94: Improper Control of Generation of Code ('Code Injection') •