Lucene search
K

26 matches found

seebug.org
seebug.org
added 2017/01/06 12:0 a.m.21 views

Microsoft Internet Explorer jscript9 - Java­Script­Stack­Walker Memory Corruption (MS15-056)

Source: http://blog.skylined.nl/20161206001.html Synopsis A specially crafted web-page can trigger a memory corruption vulnerability in Microsoft Internet Explorer 9. A pointer set up to point to certain data on the stack can be used after that data has been removed from the stack. This results i...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2016/12/15 12:0 a.m.43 views

Microsoft Internet Explorer 9 IEFRAME CMarkup..RemovePointerPos Use-After-Free

Since November I have been releasing details on all vulnerabilities I found that I have not released before. This is the 32nd entry in the series. This information is available in more detail on my blog at http://blog.skylined.nl/20161214001.html. There you can find a repro that triggered this...

9.3CVSS0.32748EPSS
Exploits3
Exploit DB
Exploit DB
added 2016/12/12 12:0 a.m.26 views

Microsoft Internet Explorer 9 - IEFRAME CSelection­Interact­Button­Behavior::_Update­Button­Location Use-After-Free (MS13-047)

function go document.exec­Command'Select­All'; document.exec­Command'superscript'; set­Timeoutfunction o­Sup­Element=document.get­Elements­By­Tag­Name'sup'0; o­Sup­Element.swap­Nodedocument.document­Element; , 0; !-- Time-line 27 September 2012: This vulnerability was found through fuzzing. 3...

7.4AI score
Exploits0
0day.today
0day.today
added 2016/12/10 12:0 a.m.51 views

Microsoft Internet Explorer 9 MSHTML - CDisp­Node::Insert­Sibling­Node Use-After-Free (MS13-037) (1)

Exploit for windows platform in category dos / poc window.onload=functionlocation.reload;; text .float float:left; .zoom zoom:3000%; .border::first-let...

9.3CVSS8.7AI score0.39109EPSS
Exploits2
exploitpack
exploitpack
added 2016/12/09 12:0 a.m.13 views

Microsoft Internet Explorer 9 - MSHTML CDisp­Node::Insert­Sibling­Node Use-After-Free (MS13-037) (1)

Microsoft Internet Explorer 9 - MSHTML CDisp­Node::Insert­Sibling­Node Use-After-Free MS13-037 1 window.onload=functionlocation.reload;; text .float float:left; .zoom zoom:3000%; .border::first-letter...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2016/12/09 12:0 a.m.41 views

Microsoft Internet Explorer 9 - MSHTML CDisp­Node::Insert­Sibling­Node Use-After-Free (MS13-037) (2)

!-- Source: http://blog.skylined.nl/20161208001.html Synopsis A specially crafted web-page can trigger a memory corruption vulnerability in Microsoft Internet Explorer 9. I did not investigate this vulnerability thoroughly, so I cannot speculate on the potential impact or exploitability. Known...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2016/12/09 12:0 a.m.52 views

Microsoft Internet Explorer 9 - MSHTML CElement::Has­Flag Memory Corruption

// First tag can be any inline but must NOT be closed yet // Second tag can be anything that's not inline. // "text1" can be anything document.write'text1'; // The tree is in good shape. show"DOM Tree after first write", get­Element­Treedocument.body; // At this point, it appears that MSIE is sti...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2016/12/06 12:0 a.m.41 views

Microsoft Internet Explorer 9 - 'jscript9' Java­Script­Stack­Walker Memory Corruption (MS15-056)

var o­Window = window.open"about:blank"; o­Window.exec­Script'window.o­URIError = new URIError;o­URIError.name = o­URIError;' try "" + o­Window.o­URIError; catche try "" + o­Window.o­URIError; catche Description A Javascript can construct an URIError object and sets that object's name property to...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2016/12/04 12:0 a.m.145 views

Microsoft Internet Explorer 9 CDoc::ExecuteScriptUri Use-After-Free

Since November I have been releasing details on all vulnerabilities I found in web-browsers that I had not released before. I will try to continue to publish all my old vulnerabilities, including those not in web-browser, as long as I can find some time to do so. If you find this information...

9.3CVSS6.5AI score0.34923EPSS
Exploits2
Symantec
Symantec
added 2016/11/08 12:0 a.m.31 views

Microsoft Edge and Internet Explorer XSS Filter CVE-2016-7239 Information Disclosure Vulnerability

Description Microsoft Edge and Internet Explorer are prone to an information-disclosure vulnerability that affects the XSS Filter. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a page containing malicious content. An attacker can exploit this issue to execute...

2.6CVSS0.5AI score0.11616EPSS
Exploits1Affected Software1
Exploit DB
Exploit DB
added 2016/11/07 12:0 a.m.30 views

Microsoft Internet Explorer 9 - MSHTML CPtsTextParaclient::CountApes Out-of-Bounds Read

oElement1 position: absolute; oElement2:after position: relative; content: counterx; onload = function oElement1 = document.createElement'oElement1'; document.documentElement.appendChildoElement1; oElement2 = document.createElement'oElement2'; document.documentElement.appendChildoElement2; ; !--...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2016/11/02 12:0 a.m.60 views

Microsoft Internet Explorer 9 - MSHTML CAttrArray Use-After-Free (MS14-056)

oTextArea = document.createElement'textarea'; oTextArea.dataSrc = 1; oTextArea.id = 1; oTextArea.innerHTML = 1; oTextArea.onvolumechange = 1; oTextArea.style.setProperty'list-style', "url"; !-- Analysis The CAttrArray object initially allocates a CImplAry buffer of 0x40 bytes, which can store 4...

7.4AI score
Exploits0
Symantec
Symantec
added 2014/11/11 12:0 a.m.28 views

Microsoft Internet Explorer CVE-2014-6323 Clipboard Information Disclosure Vulnerability

Description Microsoft Internet Explorer is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Internet Explorer 7, 8, 9, 10, and 11 are vulnerable. Technologies Affected Avaya Aura Conferencing Standa...

4.3CVSS9.2AI score0.13564EPSS
Exploits0Affected Software2
Symantec
Symantec
added 2014/10/14 12:0 a.m.48 views

Microsoft Internet Explorer CVE-2014-4140 ASLR Security Bypass Vulnerability

Description Microsoft Internet Explorer is prone to a security-bypass vulnerability. An attacker can leverage this issue to bypass certain security restrictions and execute arbitrary code by exploiting another vulnerability in the application. Technologies Affected Avaya Aura Conferencing Standar...

4.3CVSS9AI score0.20683EPSS
Exploits0Affected Software10
Symantec
Symantec
added 2014/09/09 12:0 a.m.25 views

Microsoft Internet Explorer CVE-2014-4110 Remote Memory Corruption Vulnerability

Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in...

9.3CVSS0.6AI score0.15145EPSS
Exploits0Affected Software1
Symantec
Symantec
added 2014/02/13 12:0 a.m.32 views

Microsoft Internet Explorer CVE-2014-0322 Use-After-Free Remote Code Execution Vulnerability

Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in...

9.3CVSS0.85239EPSS
Exploits23References2Affected Software10
OpenVAS
OpenVAS
added 2014/02/12 12:0 a.m.60 views

Microsoft Internet Explorer Multiple Vulnerabilities (2909921)

This host is missing a critical security update according to Microsoft Bulletin MS14-010. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

9.3CVSS5AI score0.38434EPSS
Exploits5References26
Symantec
Symantec
added 2014/02/11 12:0 a.m.31 views

Microsoft Internet Explorer CVE-2014-0268 Remote Privilege Escalation Vulnerability

Description Microsoft Internet Explorer is prone to a remote privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges. Successful exploits may aid in further attacks. Technologies Affected Avaya CallPilot 4.0 Avaya CallPilot 4.0.1 Avaya CallPilot 5.0 Avay...

4.3CVSS9.5AI score0.22452EPSS
Exploits1Affected Software11
CVE
CVE
added 2013/07/10 1:0 a.m.145 views

CVE-2013-3145

Microsoft Internet Explorer 9 is affected by CVE-2013-3145 (memory corruption) via a crafted web site. It is a separate issue from CVE-2013-3150. The vulnerability is addressed by Microsoft's MS13-055 security bulletin; patching IE9 (and related components) is the recommended remediation. Exploit...

9.3CVSS7.6AI score0.25039EPSS
Exploits1References3Affected Software1
Symantec
Symantec
added 2013/07/09 12:0 a.m.31 views

Microsoft Internet Explorer CVE-2013-3150 Memory Corruption Vulnerability

Description Microsoft Internet Explorer is prone to a memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Microsoft Internet Explorer 9 is affected...

9.3CVSS0.1AI score0.25039EPSS
Exploits0References1Affected Software10
Rows per page
Query Builder