CVSS: 5.8EPSS: 1%CPEs: 30EXPL: 0CVE-2012-1545
https://notcve.org/view.php?id=CVE-2012-1545
Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to bypass Protected Mode or cause a denial of service (memory corruption) by leveraging access to a Low integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012. Microsoft Internet Explorer v6 a v9, y v10 Consumer Preview, permite a atacantes remotos eludir el modo protegido o causar una denegación de servicio (por corrupción de memoria), aprovechando el acceso a un proceso de baja integridad, como lo demostró VUPEN durante una competencia Pwn2Own en CanSecWest 2012 • http://arstechnica.com/business/news/2012/03/ie-9-on-latest-windows-gets-stomped-at-hacker-contest.ars http://pwn2own.zerodayinitiative.com/status.html http://twitter.com/vupen/statuses/177895844828291073 http://www.zdnet.com/blog/security/pwn2own-2012-ie-9-hacked-with-two-0day-vulnerabilities/10621 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 0%CPEs: 101EXPL: 1CVE-2010-5071
https://notcve.org/view.php?id=CVE-2010-5071
The JavaScript implementation in Microsoft Internet Explorer 8.0 and earlier does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method. La ejecución de JavaScript en Microsoft Internet Explorer v8.0 y anteriores, no restringe adecuadamente el conjunto de valores contenidos en el objeto devuelto por el método getComputedStyle, lo que permite a atacantes remotos obtener información sensible acerca de las páginas web visitadas por llamar a este método. • http://w2spconf.com/2010/papers/p26.pdf • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 101EXPL: 1CVE-2002-2435
https://notcve.org/view.php?id=CVE-2002-2435
The Cascading Style Sheets (CSS) implementation in Microsoft Internet Explorer 8.0 and earlier does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264. La implementación de las Hojas de Estilo en Cascada (CSS) en Microsoft Internet Explorer, no controla correctamente el :visited pseudo-class, lo que permite a atacantes remotos obtener información sensible acerca de las páginas web visitadas a través de un documento HTML manipulado. Relacionado con CVE-2010-2264. • http://bugzilla.mozilla.org/show_bug.cgi?id=147777 http://w2spconf.com/2010/papers/p26.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/71817 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 1%CPEs: 97EXPL: 0CVE-2011-2382
https://notcve.org/view.php?id=CVE-2011-2382
Microsoft Internet Explorer 8 and earlier, and Internet Explorer 9 beta, does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing a file: URL, as demonstrated by a Facebook game, related to a "cookiejacking" issue. Microsoft Internet Explorer v8 y versiones anteriores, y la beta de Internet Explorer v9, no restringen adecuadamente las acciones de arrastrar y soltar a través de diferentes zonas de seguridad, lo que permite leer archivos de cookies a atacantes remotos asistidos por el usuario a través de vectores que implican un elemento IFRAME con un atributo SRC que contiene una URL file:, como lo demuestra un juego de Facebook, relacionado con un problema de "cookiejacking". • http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=1388 http://ju12.tistory.com/attachment/cfile4.uf%40151FAB4C4DDC9E0002A6FE.ppt http://news.cnet.com/8301-1009_3-20066419-83.html http://www.eweek.com/c/a/Security/IE-Flaw-Lets-Attackers-Steal-Cookies-Access-User-Accounts-402503 http://www.informationweek.com/news/security/vulnerabilities/229700031 http://www.networkworld.com/community/node/74259 http://www.theregister.co.uk/2011/05/25/microsoft_internet_explorer_cookiejacking http://www. • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 1CVE-2010-1991
https://notcve.org/view.php?id=CVE-2010-1991
Microsoft Internet Explorer 6.0.2900.2180, 7, and 8.0.7600.16385 executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many IFRAME elements. Microsoft Internet Explorer v6.0.2900.2180, v7 y v8.0.7600.16385 ejecuta una aplicación mail en situaciones dónde un elemento IFRAME tiene un mailto: URL en su atributo SRC lo que permite a atacantes remotos provocar una denegación del servicio (lanzamiento de demasiadas aplicaciones) a través de un documento HTML con varios elementos IFRAME • http://websecurity.com.ua/4206 http://www.securityfocus.com/archive/1/511327/100/0/threaded • CWE-399: Resource Management Errors •