206 results (0.004 seconds)

CVSS: 7.5EPSS: 8%CPEs: 30EXPL: 0

09 Mar 2012 — Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to bypass Protected Mode or cause a denial of service (memory corruption) by leveraging access to a Low integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012. Microsoft Internet Explorer v6 a v9, y v10 Consumer Preview, permite a atacantes remotos eludir el modo protegido o causar una denegación de servicio (por corrupción de memoria), aprovechando el acceso a un proceso de baja in... • http://arstechnica.com/business/news/2012/03/ie-9-on-latest-windows-gets-stomped-at-hacker-contest.ars • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 4.3EPSS: 22%CPEs: 101EXPL: 1

07 Dec 2011 — The Cascading Style Sheets (CSS) implementation in Microsoft Internet Explorer 8.0 and earlier does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264. La implementación de las Hojas de Estilo en Cascada (CSS) en Microsoft Internet Explorer, no controla correctamente el :visited pseudo-class, lo que permite a atacantes remotos obtener información sensible acerca de ... • http://bugzilla.mozilla.org/show_bug.cgi?id=147777 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.3EPSS: 10%CPEs: 101EXPL: 1

07 Dec 2011 — The JavaScript implementation in Microsoft Internet Explorer 8.0 and earlier does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method. La ejecución de JavaScript en Microsoft Internet Explorer v8.0 y anteriores, no restringe adecuadamente el conjunto de valores contenidos en el objeto devuelto por el método getComputedStyle, lo que permite a atacan... • http://w2spconf.com/2010/papers/p26.pdf • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.5EPSS: 35%CPEs: 97EXPL: 0

03 Jun 2011 — Microsoft Internet Explorer 8 and earlier, and Internet Explorer 9 beta, does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing a file: URL, as demonstrated by a Facebook game, related to a "cookiejacking" issue. Microsoft Internet Explorer v8 y versiones anteriores, y la beta de Internet Explorer v9, no restringen adecuadamente las acciones de arrastrar y soltar a t... • http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=1388 • CWE-20: Improper Input Validation •

CVSS: 6.5EPSS: 35%CPEs: 8EXPL: 0

03 Jun 2011 — Microsoft Internet Explorer 9 and earlier does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing an http: URL that redirects to a file: URL, as demonstrated by a Facebook game, related to a "cookiejacking" issue, aka "Drag and Drop Information Disclosure Vulnerability." NOTE: this vulnerability exists because of an incomplete fix in the Internet Explorer 9 release. M... • http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=1388 • CWE-20: Improper Input Validation •

CVSS: 9.3EPSS: 6%CPEs: 2EXPL: 0

17 Aug 2010 — The Oracle Siebel Option Pack for IE ActiveX control does not properly initialize memory that is used by the NewBusObj method, which allows remote attackers to execute arbitrary code via a crafted HTML document. El control ActiveX Oracle Siebel Option Pack para IE no inicializa adecuadamente la memoria que usa el método NewBusObj, lo cual permite a atacantes remotos ejecutar código a su elección a través de documentos HTML manipulados. • http://secunia.com/advisories/40804 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 6.5EPSS: 16%CPEs: 2EXPL: 1

01 Jun 2010 — Microsoft Internet Explorer 6.0.2900.2180 and 8.0.7600.16385 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid news:// URIs. Vulnerabilidad en Microsoft Internet Explorer v6.0.2900.2180 y v8.0.7600.16385 permite a atacantes remotos provocar una denegación de servicio (agotamiento de recursos) a través de código JavaScript que contenga un bucle infinito que crea elementos IFRAME a URIs de tipo n... • http://websecurity.com.ua/4238 • CWE-399: Resource Management Errors •

CVSS: 6.5EPSS: 13%CPEs: 4EXPL: 1

20 May 2010 — Microsoft Internet Explorer 6.0.2900.2180, 7, and 8.0.7600.16385 executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many IFRAME elements. Microsoft Internet Explorer v6.0.2900.2180, v7 y v8.0.7600.16385 ejecuta una aplicación mail en situaciones dónde un elemento IFRAME tiene un mailto: URL en su atributo SRC lo que permite a atacantes r... • http://websecurity.com.ua/4206 • CWE-399: Resource Management Errors •

CVSS: 7.5EPSS: 30%CPEs: 127EXPL: 1

22 Jul 2009 — Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479. NOTE: it was later reported that 7.0.6000.16473 and earlier are also affected. Microsoft Internet Explorer v6.0.2900.2180 y anteriores permite a atacantes remotos causar una denegación de servicio (consumo de memoria y CPU) a través de un argumento de cadena de caracteres Unicode larga... • http://archives.neohapsis.com/archives/bugtraq/2009-07/0192.html • CWE-399: Resource Management Errors •

CVSS: 9.8EPSS: 18%CPEs: 14EXPL: 2

10 Jul 2009 — Stack-based buffer overflow in the AddFavorite method in Microsoft Internet Explorer allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a long URL in the first argument. Desbordamiento de búfer basado en pila en el método AddFavorite en Microsoft Internet Explorer permite a atacantes remotos provocar una denegación de servicio (cuelgue de aplicación) y posiblemente tiene otro impacto no especificado a través de una URL larga en el primer a... • https://www.exploit-db.com/exploits/9100 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •