CVSS: 10.0EPSS: 93%CPEs: 9EXPL: 0CVE-2012-4786
https://notcve.org/view.php?id=CVE-2012-4786
12 Dec 2012 — The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a crafted TrueType Font (TTF) file, aka "TrueType Font Parsing Vulnerability." Los controladores kernel-mode en Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, y R2 SP1, Windows 7 Gold ... • http://www.us-cert.gov/cas/techalerts/TA12-346A.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 3%CPEs: 29EXPL: 1CVE-2010-0555
https://notcve.org/view.php?id=CVE-2010-0555
04 Feb 2010 — Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and read arbitrary files via vectors involving the product's use of text/html as the default content type for files that are encountered after a redirection, aka the URLMON sniffing vulnerability, a variant of CVE-2009-1140 and related to CVE-2008-1448. Microsoft Internet Explorer v5.01 SP4, v6, vv6 SP1, v7, y v8 n... • http://blogs.technet.com/msrc/archive/2010/02/03/security-advisory-980088-released.aspx •
CVSS: 6.5EPSS: 65%CPEs: 49EXPL: 1CVE-2010-0255
https://notcve.org/view.php?id=CVE-2010-0255
04 Feb 2010 — Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and read arbitrary files via vectors involving JavaScript exploit code that constructs a reference to a file://127.0.0.1 URL, aka the dynamic OBJECT tag vulnerability, as demonstrated by obtaining the data from an index.dat file, a variant of CVE-2009-1140 and related to CVE-2008-1448. Microsoft Internet Explorer v... • http://blogs.technet.com/msrc/archive/2010/02/03/security-advisory-980088-released.aspx • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.1EPSS: 3%CPEs: 29EXPL: 1CVE-2009-1140 – Microsoft Internet Explorer 5.0.1 - Cached Content Cross Domain Information Disclosure
https://notcve.org/view.php?id=CVE-2009-1140
10 Jun 2009 — Microsoft Internet Explorer 5.01 SP4; 6 SP1; 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not prevent HTML rendering of cached content, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Cross-Domain Information Disclosure Vulnerability." Microsoft Internet Explorer 5.01 SP4; 6 SP1; 6 y 7 en Windows XP SP2 y SP3; 6 y 7 en Server 2003 SP2; 7 en Vista Gold, SP1 y SP2; y 7 en Server 2008... • https://www.exploit-db.com/exploits/33024 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2009-1124
https://notcve.org/view.php?id=CVE-2009-1124
10 Jun 2009 — The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate user-mode pointers in unspecified error conditions, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Pointer Validation Vulnerability." El Kernel en Microsoft Windows 2000 SP4, XP SP2 y XP SP3, Server 2003 SP2, Vista Gold, SP1, y SP2, y Server 2008 SP2 no validan de forma apropiada los punteros en modo usuario, bajo cond... • http://osvdb.org/54941 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 17EXPL: 1CVE-2009-0229
https://notcve.org/view.php?id=CVE-2009-0229
10 Jun 2009 — The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows local users to read arbitrary files via a crafted separator page, aka "Print Spooler Read File Vulnerability." Servicio de impresión de Windows en Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP2, Vista Gold, SP1 y SP2, y Server 2008 SP2 permite a usuarios locales leer archivos arbitrarios a través de un separador de página elaborado, alias "Vulnerabilida... • https://github.com/zveriu/CVE-2009-0229-PoC • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 64%CPEs: 26EXPL: 0CVE-2009-1528 – Microsoft Internet Explorer Concurrent Ajax Request Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2009-1528
10 Jun 2009 — Microsoft Internet Explorer 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not properly synchronize AJAX requests, which allows allows remote attackers to execute arbitrary code via a large number of concurrent, asynchronous XMLHttpRequest calls, aka "HTML Object Memory Corruption Vulnerability." Microsoft Internet Explorer versiones 6 y 7 para Windows XP SP2 y SP3; 6 y 7 para el servidor 2003 SP2; 7 para Vista Gold, SP1 y SP2;... • http://osvdb.org/54947 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 74%CPEs: 46EXPL: 0CVE-2009-1529 – Microsoft Internet Explorer setCapture Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2009-1529
10 Jun 2009 — Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by calling the setCapture method on a collection of crafted objects, aka "Uninitialized Memory Corruption Vulnerability." Microsoft Internet Explorer 7 para Windows XP SP2 y SP3; 7 para Server 2003 SP2; 7 para Vista Gold, SP1 y SP2; y 7 para Server 2008 SP2, no maneja apro... • http://osvdb.org/54948 • CWE-399: Resource Management Errors CWE-908: Use of Uninitialized Resource •
CVSS: 9.3EPSS: 83%CPEs: 46EXPL: 0CVE-2009-1530 – Microsoft Internet Explorer Event Handler Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2009-1530
10 Jun 2009 — Use-after-free vulnerability in Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code by repeatedly adding HTML document nodes and calling event handlers, which triggers an access of an object that (1) was not properly initialized or (2) is deleted, aka "HTML Objects Memory Corruption Vulnerability." Vulnerabilidad de Uso de la Memoria Previamente Liberada en Microsoft Inter... • http://osvdb.org/54949 • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 64%CPEs: 17EXPL: 0CVE-2009-1531 – Microsoft Internet Explorer onreadystatechange Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2009-1531
10 Jun 2009 — Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code via frequent calls to the getElementsByTagName function combined with the creation of an object during reordering of elements, followed by an onreadystatechange event, which triggers an access of an object that (1) was not properly initialized or (2) is deleted, aka "HTML Object Memory Corruption Vulnerability." Microsoft... • http://osvdb.org/54950 • CWE-399: Resource Management Errors •