 |
|
|
|
| Многочисленные уязвимости безопасности Microsoft Internet Explorer | | Опубликовано: |  | 8 июня 2010 г. | | Источник: |  | MICROSOFT | | SecurityVulns ID: |  | 10912 | | Тип: |  | клиент | | Опасность: |  | 8/10 | | Описание: |  | Межсайтовый скриптинг, утечка информации, многочисленные повреждения памяти. |
| Затронутые продукты: |  | MICROSOFT : Windows 2000 Server | | | | MICROSOFT : Windows 2000 Professional | | | | MICROSOFT : Windows XP | | | | MICROSOFT : Windows 2003 Server | | | | MICROSOFT : Windows Vista | | | | MICROSOFT : Windows 2008 Server | | | | MICROSOFT : Windows 7 | | CVE: |  | CVE-2010-1262 (Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, related to the CStyleSheet object and a free of the root container, aka "Memory Corruption Vulnerability.") | | | | CVE-2010-1261 (The IE8 Developer Toolbar in Microsoft Internet Explorer 8 SP1, SP2, and SP3 allows user-assisted remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability.") | | | | CVE-2010-1260 (The IE8 Developer Toolbar in Microsoft Internet Explorer 8 SP1, SP2, and SP3 allows user-assisted remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability.") | | | | CVE-2010-1259 (Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability.") | | | | CVE-2010-12579 | | | | CVE-2010-1257 (Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2; Office SharePoint Server 2007 SP1 and SP2; SharePoint Services 3.0 SP1 and SP2; and Internet Explorer 8 allows remote attackers to inject arbitrary web script or HTML via vectors related to sanitization.) | | | | CVE-2010-0255 (Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and read arbitrary files via vectors involving JavaScript exploit code that constructs a reference to a file://127.0.0.1 URL, aka the dynamic OBJECT tag vulnerability, as demonstrated by obtaining the data from an index.dat file, a variant of CVE-2009-1140 and related to CVE-2008-1448.) |
|
|
|
|
|
|
|
|
