CVSS: 7.5EPSS: 8%CPEs: 30EXPL: 0CVE-2012-1545
https://notcve.org/view.php?id=CVE-2012-1545
09 Mar 2012 — Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to bypass Protected Mode or cause a denial of service (memory corruption) by leveraging access to a Low integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012. Microsoft Internet Explorer v6 a v9, y v10 Consumer Preview, permite a atacantes remotos eludir el modo protegido o causar una denegación de servicio (por corrupción de memoria), aprovechando el acceso a un proceso de baja in... • http://arstechnica.com/business/news/2012/03/ie-9-on-latest-windows-gets-stomped-at-hacker-contest.ars • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 35%CPEs: 97EXPL: 0CVE-2011-2382
https://notcve.org/view.php?id=CVE-2011-2382
03 Jun 2011 — Microsoft Internet Explorer 8 and earlier, and Internet Explorer 9 beta, does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing a file: URL, as demonstrated by a Facebook game, related to a "cookiejacking" issue. Microsoft Internet Explorer v8 y versiones anteriores, y la beta de Internet Explorer v9, no restringen adecuadamente las acciones de arrastrar y soltar a t... • http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=1388 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 35%CPEs: 8EXPL: 0CVE-2011-2383
https://notcve.org/view.php?id=CVE-2011-2383
03 Jun 2011 — Microsoft Internet Explorer 9 and earlier does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing an http: URL that redirects to a file: URL, as demonstrated by a Facebook game, related to a "cookiejacking" issue, aka "Drag and Drop Information Disclosure Vulnerability." NOTE: this vulnerability exists because of an incomplete fix in the Internet Explorer 9 release. M... • http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=1388 • CWE-20: Improper Input Validation •