CVE-2013-3918 – Microsoft Internet Explorer - CardSpaceClaimCollection ActiveX Integer Underflow (MS13-090)
https://notcve.org/view.php?id=CVE-2013-3918
The InformationCardSigninHelper Class ActiveX control in icardie.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted web page that is accessed by Internet Explorer, as exploited in the wild in November 2013, aka "InformationCardSigninHelper Vulnerability." El control InformationCardSigninHelper Class ActiveX en la biblioteca icardie.dll in Microsoft Windows XP SP2 and SP3, Windows Server versión 2003 SP2, Windows Vista versión SP2, Windows Server versión 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows versión 8.1, Windows Server 2012 Gold and R2, y Windows RT Gold y versión 8.1 permiten a los atacantes remotos ejecutar código arbitrario o provocar una Denegación de Servicio (escritura fuera de límites) por medio de una página web creada a la que accede Internet Explorer, explotada de forma inminente en noviembre de 2013, también conocida como "InformationCardSigninHelper Vulnerability." • https://www.exploit-db.com/exploits/29857 http://blogs.technet.com/b/msrc/archive/2013/11/11/activex-control-issue-being-addressed-in-update-tuesday.aspx http://www.darkreading.com/vulnerability/new-ie-vulnerability-found-in-the-wild-s/240163814 http://www.fireeye.com/blog/technical/2013/11/new-ie-zero-day-found-in-watering-hole-attack.html http://www.us-cert.gov/ncas/alerts/TA13-317A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-090 https://isc. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2013-1347 – Microsoft Internet Explorer Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-1347
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013. Microsoft Internet Explorer 8 no maneja adecuadamente los objetos en memoria, lo que permite a atacantes remotos ejecutar código de su elección cuando acceden al objeto que (1)no se ha asignado adecuadamente o (2) se ha eliminado, como han sido explotadas a lo largo de mayo. This vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. • https://www.exploit-db.com/exploits/25294 http://technet.microsoft.com/security/advisory/2847140 http://www.exploit-db.com/exploits/25294 http://www.us-cert.gov/ncas/alerts/TA13-134A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-038 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16727 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2013-0073
https://notcve.org/view.php?id=CVE-2013-0073
The Windows Forms (aka WinForms) component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict the privileges of a callback function during object creation, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "WinForms Callback Elevation Vulnerability." El componente Windows Forms (conocido como WinForms) de Microsoft .NET Framework v2.0 SP2, v3.5, v3.5.1, v4, y v4.5 no restringe adecuadamente los privilegios de una función callback durante la creación de objetos, lo cual permite a atacantes remotos ejecutar código arbitrario a través de (1) una aplicación de navegador XAML diseñada (XBAP) o (2) una aplicación .NET Framework modificada. Se trata de un problema también conocido como "WinForms Callback Elevation Vulnerability." • http://www.us-cert.gov/cas/techalerts/TA13-043B.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-015 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16475 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2013-0005
https://notcve.org/view.php?id=CVE-2013-0005
The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service (resource consumption and daemon restart) via crafted values in HTTP requests, aka "Replace Denial of Service Vulnerability." La función WCF Replace en la implementación del protocolo Open Data (alias OData) en Microsoft. NET Framework v3.5, v3.5 SP1, v3.5.1 y v4, y Management OData IIS Extension en Windows Server 2012, permite a atacantes remotos provocar una denegación de servicio (consumo de recursos y el reinicio del demonio) a través de los valores modificados en las peticiones HTTP, alias "Replace Denial of Service Vulnerability". • http://www.us-cert.gov/cas/techalerts/TA13-008A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-007 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16282 • CWE-20: Improper Input Validation •
CVE-2012-4969 – Microsoft Internet Explorer Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2012-4969
Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in September 2012. Vulnerabilidad de error en la gestión de recursos en la función CMshtmlEd::Exec en mshtml.dll en Microsoft Internet Explorer 6 a 9 permite a atacantes remotos ejecutar código arbitrario a través de un sitio web diseñado, como se ha explotado en septiembre de 2012. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the CCommand::Exec function. It is possible to free certain objects in a callback function called from the CCommand::Exec function. • https://www.exploit-db.com/exploits/21840 http://blog.vulnhunt.com/index.php/2012/09/17/ie-execcommand-fuction-use-after-free-vulnerability-0day_en http://dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/ie_execcommand_uaf.rb http://eromang.zataz.com/2012/09/16/zero-day-season-is-really-not-over-yet http://technet.microsoft.com/security/advisory/2757760 http://www.kb.cert.org/vuls/id/480095 http://www.securitytracker.com/id?1027538 http •