385 matches found
CVE-2013-2551
CVE-2013-2551 is a use-after-free vulnerability in Microsoft Internet Explorer (IE 6–10) that allows remote code execution when a crafted web page triggers access to a deleted object. The issue is documented as an internet-explorer use-after-free vulnerability exploited via drive-by pages (notabl...
CVE-2012-4969
The CVE-2012-4969 issue is a use-after-free in the CMshtmlEd::Exec function of mshtml.dll used by Microsoft Internet Explorer (IE6–IE9 according to the CVE payload). Exploitation enabled remote code execution via a crafted website; the vulnerability was observed in the wild around September 2012....
CVE-2013-3897
CVE-2013-3897 is a use-after-free vulnerability in the CDisplayPointer class of mshtml.dll used by Microsoft Internet Explorer (IE6–IE11). The flaw is triggered via crafted JavaScript using the onpropertychange event, leading to remote code execution or memory corruption. Public discussions and r...
CVE-2014-1776
CVE-2014-1776 is a memory‑safety flaw in Microsoft Internet Explorer (versions 6–11) described as a use‑after‑free in CMarkup::IsConnectedToPrimaryMarkup. Exploitation leads to remote code execution or memory corruption, with evidence of in‑the‑wild activity in April 2014. The vulnerability affec...
CVE-2013-7331
CVE-2013-7331 is an information-disclosure vulnerability in the Microsoft XMLDOM ActiveX control used by Internet Explorer on Windows (XMLDOM object). The flaw allows an attacker to determine the existence of local pathnames, UNC shares, intranet hostnames, and intranet IP addresses by inspecting...
CVE-2015-2502
CVE-2015-2502 affects Internet Explorer 7–11 and is a memory-corruption vulnerability triggered by visiting a crafted web site. The issue allows remote code execution (or DoS) and was exploited in the wild around August 2015. Public documentation identifies the affected software as Internet Explo...
CVE-2014-4123
CVE-2014-4123 affects Microsoft Internet Explorer 7–11. The vulnerability allows remote attackers to gain privileges via a crafted web site (elevation of privilege). Exploitation in the wild was noted in October 2014 (per the CVE description). Mitigation: apply the MS14-056 cumulative update for ...
CVE-2014-2817
CVE-2014-2817 summary (normal mode) : Affects Microsoft Internet Explorer 6–11, where a crafted web site can escalate privileges to the attacker. Root cause is an elevation of privilege vulnerability in IE; exploitation vector is remote and via a crafted page. Public exploits exist for this vulne...
CVE-2013-3893
CVE-2013-3893 is a use-after-free in mshtml.dll (Internet Explorer) specifically in SetMouseCapture, exploited via crafted JavaScript (notably through ms-help URLs) to achieve remote code execution across IE 6–11. Connected KEV/CISA entries confirm active exploitation in the wild and classify it ...
CVE-2012-4792
CVE-2012-4792 is a use-after-free vulnerability in Microsoft Internet Explorer 6–8 that allows remote code execution when a crafted website triggers access to an object (not properly allocated or deleted), exemplified by a CDwnBindInfo object. The issue has been exploited in the wild (Dec 2012). ...
CVE-2014-4108
Microsoft Internet Explorer 6–11 is the context for CVE-2014-4108 and related advisories. Connected documents describe multiple use-after-free vulnerabilities in IE components (e.g., CAttrArray, CFieldSetLayout, CTableCell, CDataBindTask, CMarkup, CGeneratedTreeNode, etc.) that enable remote code...
CVE-2013-1308
Technical details for CVE-2013-1308 are not publicly provided in the supplied documents. Monitor for updates from official advisories and vulnerability catalogs.
CVE-2008-4844
CVE-2008-4844 is a use-after-free vulnerability in the MSHTML component (CRecordInstance::TransferToDestination) of mshtml.dll that affects Internet Explorer 5.01/6/6 SP1/7. Exploitation enables remote code execution via crafted HTML/XML containing DSO bindings (XML Island, XML DSOs, or Tabular D...
CVE-2013-1309
CVE-2013-1309 corresponds to the Internet Explorer Use-After-Free vulnerability (MS13-037) affecting IE 6–10. The issue arises from use-after-free in memory handling (notably related to CDispNode/vgx.dll) when processing certain web content, enabling remote code execution via a crafted site. Publ...
CVE-2012-1876
CVE-2012-1876 affects Microsoft Internet Explorer 6–9 and IE10 (Consumer Preview); memory handling flaw when accessing a nonexistent object triggers a heap-based overflow, enabling remote code execution. Exploitation demonstrated (MS12-037), with multiple public exploits and bypass techniques (AS...
CVE-2010-0806
CVE-2010-0806 is a use-after-free in Internet Explorer’s iepeers.dll (affecting IE 6/6 SP1/7). The vulnerability arises from access to an invalid pointer after object deletion, enabling remote code execution. It was exploited in the wild around March 2010. Public fixes include Microsoft Security ...
CVE-2015-6161
CVE-2015-6161 affects Microsoft Internet Explorer (IE) 7–11 and Microsoft Edge, with the root cause described as a bypass of Address Space Layout Randomization (ASLR) via a crafted web site. Public sources in the connected documents confirm this is mitigated by Microsoft security updates MS15-124...
CVE-2012-2557
Summary of CVE-2012-2557 (CVE-2012-2557): A use-after-free vulnerability in Microsoft Internet Explorer 6–8 can permit remote code execution when a crafted page triggers access to a freed object, commonly associated with cloneNode handling (outerText/ CMarkup context). The issue is described as a...
CVE-2010-0244
CVE-2010-0244 : IE6/6 SP1/7/8 memory corruption via uninitialized/deleted objects leading to remote code execution. According to MS MS09-054, the fix is a cumulative IE security update; install the most current IE update(s) to mitigate. The connected KB entry describes the update path and mention...
CVE-2012-1526
Summary of CVE-2012-1526 : Microsoft Internet Explorer 6 and 7 are affected by a memory handling vulnerability that can allow remote code execution when an attacker accesses an uninitialized or deleted object in memory. The issue, known as Layout Memory Corruption, is exploited via memory object ...
CVE-2012-1879
CVE-2012-1879 affects Microsoft Internet Explorer 6–9. The issue arises from improper handling of objects in memory, allowing remote code execution when an attacker accesses an undefined memory location via insertAdjacentText. Public sources describe this as a remote code execution vulnerability ...
CVE-2010-0248
CVE-2010-0248 affects Microsoft Internet Explorer 6, 6 SP1, 7, and 8, where improper handling of certain memory objects enables remote code execution via an uninitialized or deleted object, leading to memory corruption. The connected data confirms in-the-wild references and public advisories poin...
CVE-2013-0015
Microsoft Internet Explorer 6–9 suffer from a vulnerability in automatic Shift JIS encoding selection, enabling remote attackers to read content from a different domain/zone via a crafted site that triggers cross-domain scrolling events (Shift JIS Character Encoding Vulnerability). This issue cau...
CVE-2013-0019
CVE-2013-0019 is a Use-After-Free vulnerability in Microsoft Internet Explorer 7–10 (Internet Explorer ComWindowProxy UAF) that enables remote code execution when a crafted page accesses a deleted object. The vuln affects IE7–IE10 across Windows client/server lines referenced in the sources, with...
CVE-2012-1880
CVE-2012-1880 corresponds to remote code execution in Microsoft Internet Explorer 6–9 due to improper handling of objects in memory when accessing a deleted object (insertRow). Documents confirm the root cause as memory corruption enabling code execution, with high severity (base score 9.3). Affe...
CVE-2010-0255
Vulnerability CVE-2010-0255 affects Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8, where IE can render non-HTML local files as HTML documents via dynamic OBJECT tag usage, enabling reading of local files (e.g., index.dat) and bypassing access restrictions. Root cause: IE fails to neutr...
CVE-2012-0011
CVE-2012-0011 relates to Microsoft Internet Explorer 7–9 via MSHTML: a use-after-free in handling of HTML time (t:MEDIA) elements leads to a freed CDispNode reference, enabling remote code execution. ZDI notes IE9 involvement; MS12-010 (2647516) is the official patch. Exploitation context require...
CVE-2012-1523
CVE-2012-1523 affects Microsoft Internet Explorer 6–8. Root cause: an error in memory handling when accessing a deleted object, leading to remote code execution. Impact: attacker could execute arbitrary code in the user’s security context (no user interaction needed; network vector). Remediation:...
CVE-2013-0088
CVE-2013-0088 is a use-after-free vulnerability in Microsoft Internet Explorer 6–10 that could allow remote code execution when a user visits a crafted page triggering access to a freed object. Connected sources confirm the vulnerable software range (IE6–IE10) and describe a memory-access flaw th...
CVE-2012-2521
The CVE-2012-2521 issue affects Microsoft Internet Explorer versions 6 through 9, caused by improper handling of in-memory objects which allows an attacker to trigger an out-of-bounds situation by accessing a deleted object, enabling remote code execution. The vulnerability is tied to the Asynchr...
CVE-2013-1297
Summary of CVE-2013-1297 details (from connected docs): Microsoft Internet Explorer versions 6–8 contain a data-access restriction flaw in VBScript that allows remote attackers to perform cross-domain reading of JSON files from a crafted site, described as the JSON Array Information Disclosure Vu...
CVE-2013-1310
CVE-2013-1310 describes a use-after-free vulnerability in Internet Explorer 6 and 7 where remote code execution could be triggered by visiting a crafted webpage that accesses a deleted object. The root cause is a memory-management flaw that can lead to arbitrary code execution in the context of t...
CVE-2010-3328
CVE-2010-3328 is an Uninitialized Memory Corruption vulnerability in Internet Explorer (mshtml.dll) affecting IE6–IE8. The root cause is memory corruption when IE accesses an object that has not been initialized or has been deleted, enabling remote code execution with the caller’s privileges if a...
CVE-2013-3908
Technical details about CVE-2013-3908 are not publicly disclosed in the provided documents. Monitor for updates from connected sources for affected products, root cause, impact, and available fixes.
CVE-2012-0010
CVE-2012-0010 affects Microsoft Internet Explorer 6–9, where copy-and-paste operations could disclose information from another domain or security zone via a crafted webpage (information disclosure). Multiple connected sources confirm a related MS12-010 update (2647516) addressing IE vulnerabiliti...
CVE-2013-0021
CVE-2013-0021 is a use-after-free vulnerability in Microsoft Internet Explorer (IE) versions 6 through 10. The flaw arises when IE accesses an in‑memory object after it has been freed, enabling a remote attacker to execute arbitrary code on the affected system when a user visits a crafted webpage...
CVE-2013-0089
CVE-2013-0089 is a use-after-free vulnerability in Microsoft IE versions 6–10 (CMarkupBehaviorContext) that could allow remote code execution when a user visits a crafted page. Root cause: accessing a deleted object in memory. Impact: remote code execution with the user’s rights (no user interact...
CVE-2012-0170
Microsoft Internet Explorer (notably IE6/IE7) contains a memory handling vulnerability related to OnReadyStateChange where accessing a deleted object can lead to remote code execution. The CVE-2012-0170 entry is associated with multiple advisories; Microsoft issued MS12-023 (Cumulative Security U...
CVE-2014-0285
CVE-2014-0285 : Microsoft Internet Explorer 6–11 is affected by a memory corruption vulnerability that allows remote code execution or a denial of service when a user visits a crafted web site. The issue is described as part of a family of IE memory corruption vulnerabilities (distinct from CVE-2...
CVE-2013-0087
CVE-2013-0087 is a use-after-free vulnerability in Microsoft Internet Explorer 6–10 caused by a fault in the MSHTML code path (CElement::EnsureRecalcNotify) when handling onResize/onMove events. A crafted web page can trigger access to a freed object, enabling remote code execution. The vulnerabi...
CVE-2009-0075
The CVE-2009-0075 issue affects Microsoft Internet Explorer (IE7/IE8) on Windows platforms as described in the connected advisories and MS09-002 update. The root cause is an uninitialized memory corruption when IE accesses an object that has been deleted, leading to remote code execution via a cr...
CVE-2012-0172
CVE-2012-0172 affects Microsoft Internet Explorer 6–8. The issue is a use-after-free in the vgx.dll path while processing certain VML behaviors, enabling remote code execution when a user visits a malicious page. Affected products include IE6/7/8 on multiple Windows versions; the root cause is me...
CVE-2012-0171
CVE-2012-0171 affects Microsoft Internet Explorer 6–9. The vulnerability arises from how IE handles in-memory objects; accessing a deleted object can lead to memory corruption and remote code execution. Connected sources confirm this is the well-known “SelectAll Remote Code Execution Vulnerabilit...
CVE-2012-1877
CVE-2012-1877 is a remote code execution vulnerability in Microsoft Internet Explorer 6–9 caused by improper handling of objects in memory, allowing an attacker to run arbitrary code by accessing a deleted object. Multiple connected sources (including the NVD entry for CVE-2012-1877 and OpenVAS/N...
CVE-2012-2522
CVE-2012-2522 affects Microsoft Internet Explorer 6–9. The vulnerability arises from improper handling of memory objects, enabling a remote attacker to execute arbitrary code by accessing a corrupted virtual function table after it has been deleted (Virtual Function Table Corruption Remote Code E...
CVE-2013-5048
CVE-2013-5048 concerns Microsoft Internet Explorer (IE) versions 6–11. The vulnerability is described as a memory corruption flaw triggered by visiting a crafted web site, enabling remote code execution or a denial of service. The connected records corroborate the same issue across multiple sourc...
CVE-2012-1873
Microsoft Internet Explorer 7–9 are affected by CVE-2012-1873 (Null Byte Information Disclosure). The issue stems from improper creation and initialization of string data, enabling remote attackers to extract sensitive information from the browser process memory via a crafted HTML document. The v...
CVE-2013-3205
CVE-2013-3205 is a vulnerability in Microsoft Internet Explorer 6–8 that allows remote code execution or memory corruption when processing a crafted web page. The connected sources describe a use-after-free flaw in IE’s caret handling (CCaret) within mshtml, where freeing CCaret via document.writ...
CVE-2013-5047
CVE-2013-5047 affects Microsoft Internet Explorer (IE) versions 6–11. The description and connected records consistently describe memory corruption vulnerabilities in IE that could allow remote code execution or a denial of service via a crafted web site. The CVE entry is linked to MS13-097 (Cumu...
CVE-2013-0092
CVE-2013-0092 is a use-after-free vulnerability in Microsoft Internet Explorer 6–10 that enables remote code execution when a user visits a crafted page exploiting an access to a deleted object (GetMarkupPtr use-after-free). The issue is documented across multiple sources (IE GetMarkupPtr Use Aft...