CVSS: 9.3EPSS: 93%CPEs: 25EXPL: 0CVE-2010-0247
https://notcve.org/view.php?id=CVE-2010-0247
Microsoft Internet Explorer 5.01 SP4, 6, and 6 SP1 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." Microsoft Internet Explorer 5.01 SP4, 6 y 6 SP1 no maneja de manera apropiada los objetos en memoria lo que permite a atacantes remotos ejecutar código de su elección accediendo a un objeto que (1) no fue correctamente iniciado o (2) es borrado, lo que conduce a una corrupción de memoria, también conocida como "Vulnerabilidad de Corrupción de Memoria no Iniciada". • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-002 https://exchange.xforce.ibmcloud.com/vulnerabilities/55777 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8506 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 93%CPEs: 59EXPL: 0CVE-2010-0244 – Microsoft Internet Explorer Table Layout Col Tag Cache Update Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0244
Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-2530 and CVE-2009-2531. Microsoft Internet Explorer 6, 6 SP1, 7 y 8 no maneja de manera apropiada los objetos en memoria lo que permite a atacantes remotos ejecutar código de su elección accediendo a un objeto que (1) no fue correctamente iniciado o (2) es borrado, lo que conduce a una corrupción de memoria, también conocida como "Vulnerabilidad de Corrupción de Memoria no Iniciada", una vulnerabilidad diferente a CVE-2009-2530 and CVE-2009-2531. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists when a Col element is used within an HTML table container. If this element is removed while the table is in use a cache that exists of the table's cells will be used after one of it's elements has been invalidated. • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-002 https://exchange.xforce.ibmcloud.com/vulnerabilities/55774 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8186 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 97%CPEs: 59EXPL: 1CVE-2010-0248 – Microsoft Internet Explorer item Object Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0248
Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability." Microsoft Internet Explorer 6, 6 SP1, 7 y 8 no maneja de manera apropiada los objetos en memoria lo que permite a atacantes remotos ejecutar código de su elección accediendo a un objeto que (1) no fue correctamente iniciado o (2) es borrado, lo que conduce a una corrupción de memoria, también conocida como "Vulnerabilidad de Corrupción de Memoria del Objeto HTML". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the handling of cloned DOM objects in JavaScript. A specially crafted sequence of object cloning can result in the use of a pointer after it has been freed. • https://www.exploit-db.com/exploits/18642 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-002 https://exchange.xforce.ibmcloud.com/vulnerabilities/55778 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8267 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-416: Use After Free •
CVSS: 4.3EPSS: 87%CPEs: 1EXPL: 1CVE-2007-0562 – Microsoft Windows Explorer - '.AVI' File Denial of Service
https://notcve.org/view.php?id=CVE-2007-0562
Windows Explorer (explorer.exe) 6.0.2900.2180 in Microsoft Windows XP SP2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted .avi file, which triggers the crash when the user right clicks on the file. Windows Explorer (explorer.exe) 6.0.2900.2180 de Microsoft Windows XP SP2 permite a atacantes locales o remotos dependientes del contexto provocar una denegación de servicio (caída de aplicación) mediante un fichero .avi manipulado, que dispara una caída cuando el usuario pulsa con el botón derecho del ratón en el fichero. • https://www.exploit-db.com/exploits/3190 http://osvdb.org/43307 •
CVSS: 4.3EPSS: 23%CPEs: 2EXPL: 1CVE-2006-6602 – Microsoft Windows Explorer - 'explorer.exe .WMV' File Handling Denial of Service
https://notcve.org/view.php?id=CVE-2006-6602
explorer.exe in Windows Explorer 6.00.2900.2180 in Microsoft Windows XP SP2 allows user-assisted remote attackers to cause a denial of service via a crafted WMV file. explorer.exe en Windows Explorer 6.00.2900.2180 en Microsoft Windows XP SP2 permite a atacantes con la intervención del usuario provocar denegación de servicio a través de un archivo WMV modificado. • https://www.exploit-db.com/exploits/29286 http://www.securityfocus.com/archive/1/454502/100/0/threaded http://www.securityfocus.com/archive/1/454584/100/0/threaded http://www.securityfocus.com/bid/21612 http://www.vupen.com/english/advisories/2006/5039 •