| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2013-1450 |
16 |
|
+Info |
2013-01-29 |
2013-01-30 |
4.0 |
None |
Remote |
High |
Not required |
Partial |
Partial |
None |
|
Microsoft Internet Explorer 8 and 9, when the Proxy Settings configuration has the same Proxy address and Port values in the HTTP and Secure rows, does not properly reuse TCP sessions to the proxy server, which allows remote attackers to obtain sensitive information intended for a specific host via a crafted HTML document that triggers many HTTPS requests and then triggers an HTTP request to that host, as demonstrated by reading a Cookie header, aka MSRC 12096gd. |
|
2 |
CVE-2013-1301 |
200 |
|
+Info |
2013-05-14 |
2013-05-15 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Microsoft Visio 2003 SP3 2007 SP3, and 2010 SP1 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, aka "XML External Entities Resolution Vulnerability." |
|
3 |
CVE-2013-1297 |
200 |
|
+Info |
2013-05-14 |
2013-05-15 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Microsoft Internet Explorer 6 through 8 does not properly restrict data access by VBScript, which allows remote attackers to perform cross-domain reading of JSON files via a crafted web site, aka "JSON Array Information Disclosure Vulnerability." |
|
4 |
CVE-2013-0095 |
200 |
|
+Info |
2013-03-12 |
2013-05-03 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Outlook in Microsoft Office for Mac 2008 before 12.3.6 and Office for Mac 2011 before 14.3.2 allows remote attackers to trigger access to a remote URL and consequently confirm the rendering of an HTML e-mail message by including unspecified HTML5 elements and leveraging the installation of a WebKit browser on the victim's machine, aka "Unintended Content Loading Vulnerability." |
|
5 |
CVE-2013-0086 |
119 |
|
Overflow +Info |
2013-03-12 |
2013-05-03 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Microsoft OneNote 2010 SP1 does not properly determine buffer sizes during memory allocation, which allows remote attackers to obtain sensitive information via a crafted OneNote file, aka "Buffer Size Validation Vulnerability." |
|
6 |
CVE-2013-0015 |
200 |
|
+Info |
2013-02-13 |
2013-02-13 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Microsoft Internet Explorer 6 through 9 does not properly perform auto-selection of the Shift JIS encoding, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site that triggers cross-domain scrolling events, aka "Shift JIS Character Encoding Vulnerability." |
|
7 |
CVE-2013-0001 |
200 |
|
+Info |
2013-01-09 |
2013-01-16 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
The Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 4, and 4.5 does not properly initialize memory arrays, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a pointer to an unmanaged memory location, aka "System Drawing Information Disclosure Vulnerability." |
|
8 |
CVE-2012-6502 |
200 |
|
+Info |
2013-01-22 |
2013-01-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Microsoft Internet Explorer before 10 allows remote attackers to obtain sensitive information about the existence of files, and read certain data from files, via a UNC share pathname in the SRC attribute of a SCRIPT element, as demonstrated by reading a name-value pair from a local file via a \\127.0.0.1\C$\ sequence. |
|
9 |
CVE-2012-2532 |
200 |
|
+Info |
2012-11-13 |
2013-03-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) processes unspecified commands before TLS is enabled for a session, which allows remote attackers to obtain sensitive information by reading the replies to these commands, aka "FTP Command Injection Vulnerability." |
|
10 |
CVE-2012-2531 |
200 |
|
+Info |
2012-11-13 |
2013-03-05 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Microsoft Internet Information Services (IIS) 7.5 uses weak permissions for the Operational log, which allows local users to discover credentials by reading this file, aka "Password Disclosure Vulnerability." |
|
11 |
CVE-2012-1896 |
200 |
|
+Info |
2012-11-13 |
2013-03-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly consider trust levels during construction of output data, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Code Access Security Info Disclosure Vulnerability." |
|
12 |
CVE-2012-1882 |
200 |
|
+Info |
2012-06-12 |
2012-08-13 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Microsoft Internet Explorer 6 through 9 does not block cross-domain scrolling events, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Scrolling Events Information Disclosure Vulnerability." |
|
13 |
CVE-2012-1873 |
200 |
|
+Info |
2012-06-12 |
2013-03-06 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Microsoft Internet Explorer 7 through 9 does not properly create and initialize string data, which allows remote attackers to obtain sensitive information from process memory via a crafted HTML document, aka "Null Byte Information Disclosure Vulnerability." |
|
14 |
CVE-2012-1870 |
200 |
|
+Info |
2012-07-10 |
2013-03-06 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
The CBC mode in the TLS protocol, as used in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and other products, allows remote web servers to obtain plaintext data by triggering multiple requests to a third-party HTTPS server and sniffing the network during the resulting HTTPS session, aka "TLS Protocol Vulnerability." |
|
15 |
CVE-2012-1860 |
264 |
|
DoS +Info |
2012-07-10 |
2012-08-13 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
None |
Partial |
|
Microsoft Office SharePoint Server 2007 SP2 and SP3, SharePoint Server 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 do not properly check permissions for search scopes, which allows remote authenticated users to obtain sensitive information or cause a denial of service (data modification) by changing a parameter in a search-scope URL, aka "SharePoint Search Scope Vulnerability." |
|
16 |
CVE-2012-1858 |
200 |
|
XSS +Info |
2012-06-12 |
2013-03-06 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document, aka "HTML Sanitization Vulnerability." |
|
17 |
CVE-2012-0174 |
264 |
|
Bypass +Info |
2012-05-08 |
2013-01-29 |
1.7 |
None |
Local |
Low |
Single system |
Partial |
None |
None |
|
Windows Firewall in tcpip.sys in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly enforce firewall rules for outbound broadcast packets, which allows remote attackers to obtain potentially sensitive information by observing broadcast traffic on a local network, aka "Windows Firewall Bypass Vulnerability." |
|
18 |
CVE-2012-0147 |
16 |
|
+Info |
2012-04-10 |
2013-03-06 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 does not properly configure the default web site, which allows remote attackers to obtain sensitive information via a crafted HTTPS request, aka "Unfiltered Access to UAG Default Website Vulnerability." |
|
19 |
CVE-2012-0012 |
200 |
|
+Info |
2012-02-14 |
2012-08-13 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Microsoft Internet Explorer 9 does not properly handle the creation and initialization of string objects, which allows remote attackers to read data from arbitrary process-memory locations via a crafted web site, aka "Null Byte Information Disclosure Vulnerability." |
|
20 |
CVE-2012-0010 |
200 |
|
+Info |
2012-02-14 |
2012-08-13 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Microsoft Internet Explorer 6 through 9 does not properly perform copy-and-paste operations, which allows user-assisted remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Copy and Paste Information Disclosure Vulnerability." |
|
21 |
CVE-2011-3404 |
200 |
|
+Info |
2011-12-13 |
2011-12-14 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Microsoft Internet Explorer 6 through 9 does not properly use the Content-Disposition HTTP header to control rendering of the HTTP response body, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Content-Disposition Information Disclosure Vulnerability." |
|
22 |
CVE-2011-1992 |
200 |
|
XSS +Info |
2011-12-13 |
2013-01-29 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to read content from a different (1) domain or (2) zone via a "trial and error" attack, aka "XSS Filter Information Disclosure Vulnerability." |
|
23 |
CVE-2011-1978 |
200 |
|
Bypass +Info |
2011-08-10 |
2011-09-21 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4 does not properly validate the System.Net.Sockets trust level, which allows remote attackers to obtain sensitive information or trigger arbitrary outbound network traffic via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Socket Restriction Bypass Vulnerability." |
|
24 |
CVE-2011-1977 |
200 |
|
+Info |
2011-08-10 |
2011-10-04 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
The ASP.NET Chart controls in Microsoft .NET Framework 4, and Chart Control for Microsoft .NET Framework 3.5 SP1, do not properly verify functions in URIs, which allows remote attackers to read arbitrary files via special characters in a URI in an HTTP request, aka "Chart Control Information Disclosure Vulnerability." |
|
25 |
CVE-2011-1962 |
200 |
|
+Info |
2011-08-10 |
2011-09-21 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Microsoft Internet Explorer 6 through 9 does not properly handle unspecified character sequences, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site that triggers "inactive filtering," aka "Shift JIS Character Encoding Vulnerability." |
|
26 |
CVE-2011-1960 |
200 |
|
+Info |
2011-08-10 |
2011-10-04 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Microsoft Internet Explorer 6 through 9 does not properly implement JavaScript event handlers, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Event Handlers Information Disclosure Vulnerability." |
|
27 |
CVE-2011-1892 |
200 |
|
+Info |
2011-09-15 |
2012-02-13 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote authenticated users to read arbitrary files via a crafted XML and XSL file, aka "SharePoint Remote File Disclosure Vulnerability." |
|
28 |
CVE-2011-1713 |
200 |
|
+Info |
2011-04-15 |
2011-07-18 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Microsoft msxml.dll, as used in Internet Explorer 8 on Windows 7, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function. NOTE: this might overlap CVE-2011-1202. |
|
29 |
CVE-2011-1280 |
200 |
|
+Info |
2011-06-16 |
2012-04-04 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1, SP2, and R2; SQL Server Management Studio Express (SSMSE) 2005; and Visual Studio 2005 SP1, 2008 SP1, and 2010 does not properly handle external entities, which allows remote attackers to read arbitrary files via a crafted .disco (Web Service Discovery) file, aka "XML External Entities Resolution Vulnerability." |
|
30 |
CVE-2011-1258 |
200 |
|
+Info |
2011-06-16 |
2011-07-18 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Microsoft Internet Explorer 6 through 8 does not properly restrict web script, which allows user-assisted remote attackers to obtain sensitive information from a different (1) domain or (2) zone via vectors involving a drag-and-drop operation, aka "Drag and Drop Information Disclosure Vulnerability." |
|
31 |
CVE-2011-1246 |
200 |
|
+Info |
2011-06-16 |
2011-07-18 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Microsoft Internet Explorer 8 does not properly handle content settings in HTTP responses, which allows remote web servers to obtain sensitive information from a different (1) domain or (2) zone via a crafted response, aka "MIME Sniffing Information Disclosure Vulnerability." |
|
32 |
CVE-2011-1245 |
200 |
|
+Info |
2011-04-13 |
2011-10-04 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Microsoft Internet Explorer 6 and 7 does not properly restrict script access to content from a (1) different domain or (2) different zone, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Javascript Information Disclosure Vulnerability." |
|
33 |
CVE-2011-1244 |
264 |
|
+Info |
2011-04-13 |
2011-07-18 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Microsoft Internet Explorer 6, 7, and 8 does not enforce intended domain restrictions on content access, which allows remote attackers to obtain sensitive information or conduct clickjacking attacks via a crafted web site, aka "Frame Tag Information Disclosure Vulnerability." |
|
34 |
CVE-2011-1068 |
20 |
|
+Info |
2011-02-23 |
2011-04-21 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
Microsoft Windows Azure Software Development Kit (SDK) 1.3.x before 1.3.20121.1237, when Full IIS and a Web Role are used with an ASP.NET application, does not properly support the use of cookies for maintaining state, which allows remote attackers to obtain potentially sensitive information by reading an encrypted cookie and performing unspecified other steps. |
|
35 |
CVE-2011-0091 |
287 |
|
+Info |
2011-02-10 |
2011-07-18 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
Kerberos in Microsoft Windows Server 2008 R2 and Windows 7 does not prevent a session from changing from strong encryption to DES encryption, which allows man-in-the-middle attackers to spoof network traffic and obtain sensitive information via a DES downgrade, aka "Kerberos Spoofing Vulnerability." |
|
36 |
CVE-2011-0031 |
200 |
|
Mem. Corr. +Info |
2011-02-08 |
2011-07-18 |
7.1 |
None |
Remote |
Medium |
Not required |
Complete |
None |
None |
|
The (1) JScript 5.8 and (2) VBScript 5.8 scripting engines in Microsoft Windows Server 2008 R2 and Windows 7 do not properly load decoded scripts obtained from web pages, which allows remote attackers to trigger memory corruption and consequently obtain sensitive information via a crafted web site, aka "Scripting Engines Information Disclosure Vulnerability." |
|
37 |
CVE-2011-0030 |
264 |
|
+Priv +Info |
2011-02-08 |
2013-02-14 |
4.7 |
None |
Local |
Medium |
Not required |
Complete |
None |
None |
|
The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted application that continues to execute throughout the logout of one user and the login session of the next user, aka "CSRSS Elevation of Privilege Vulnerability," a different vulnerability than CVE-2010-0023. |
|
38 |
CVE-2010-5071 |
264 |
|
+Info |
2011-12-07 |
2012-03-07 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The JavaScript implementation in Microsoft Internet Explorer 8.0 and earlier does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method. |
|
39 |
CVE-2010-4562 |
200 |
|
+Info |
2012-02-02 |
2012-02-03 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping. NOTE: due to a typo, some sources map CVE-2010-4562 to a ProFTPd mod_sql vulnerability, but that issue is covered by CVE-2010-4652. |
|
40 |
CVE-2010-3972 |
119 |
1
|
DoS Exec Code Overflow +Info |
2010-12-23 |
2011-07-18 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted FTP command, aka "IIS FTP Service Heap Buffer Overrun Vulnerability." NOTE: some of these details are obtained from third party information. |
|
41 |
CVE-2010-3886 |
200 |
|
+Info |
2010-10-08 |
2011-07-18 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
The CTimeoutEventList::InsertIntoTimeoutList function in Microsoft mshtml.dll uses a certain pointer value as part of producing Timer ID values for the setTimeout and setInterval methods in VBScript and JScript, which allows remote attackers to obtain sensitive information about the heap memory addresses used by an application, as demonstrated by the Internet Explorer 8 application. |
|
42 |
CVE-2010-3348 |
200 |
|
+Info |
2010-12-16 |
2011-07-18 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of cached content as HTML, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Cross-Domain Information Disclosure Vulnerability," a different vulnerability than CVE-2010-3342. |
|
43 |
CVE-2010-3342 |
200 |
|
+Info |
2010-12-16 |
2011-07-18 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of cached content as HTML, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Cross-Domain Information Disclosure Vulnerability," a different vulnerability than CVE-2010-3348. |
|
44 |
CVE-2010-3330 |
200 |
|
+Info |
2010-10-13 |
2011-10-04 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Microsoft Internet Explorer 6 through 8 does not properly restrict script access to content from a different (1) domain or (2) zone, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Cross-Domain Information Disclosure Vulnerability." |
|
45 |
CVE-2010-3327 |
200 |
|
+Info |
2010-10-13 |
2011-07-18 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
The implementation of HTML content creation in Microsoft Internet Explorer 6 through 8 does not remove the Anchor element during pasting and editing, which might allow remote attackers to obtain sensitive deleted information by visiting a web page, aka "Anchor Element Information Disclosure Vulnerability." |
|
46 |
CVE-2010-3325 |
200 |
|
+Info |
2010-10-13 |
2011-10-04 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Microsoft Internet Explorer 6 through 8 does not properly handle unspecified special characters in Cascading Style Sheets (CSS) documents, which allows remote attackers to obtain sensitive information from a different (1) domain or (2) zone via a crafted web site, aka "CSS Special Character Information Disclosure Vulnerability." |
|
47 |
CVE-2010-2091 |
79 |
1
|
XSS +Info |
2010-05-27 |
2010-05-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Microsoft Outlook Web Access (OWA) 8.2.254.0, when Internet Explorer 7 on Windows Server 2003 is used, does not properly handle the id parameter in a Folder IPF.Note action to the default URI, which might allow remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via an invalid value. |
|
48 |
CVE-2010-2011 |
310 |
|
+Info |
2010-05-21 |
2010-05-24 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
Microsoft Dynamics GP uses a substitution cipher to encrypt the system password field and unspecified other fields, which makes it easier for remote authenticated users to obtain sensitive information by decrypting a field's contents. |
|
49 |
CVE-2010-1852 |
200 |
|
+Info |
2010-05-07 |
2010-05-10 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Microsoft Internet Explorer, when the Invisible Hand extension is enabled, uses cookies during background HTTP requests in a possibly unexpected manner, which might allow remote web servers to identify specific persons and their product searches via HTTP request logging, related to a "cross-site data leakage" issue. |
|
50 |
CVE-2010-1258 |
200 |
|
Exec Code +Info |
2010-08-11 |
2010-09-17 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Microsoft Internet Explorer 6, 7, and 8 does not properly determine the origin of script code, which allows remote attackers to execute script in an unintended domain or security zone, and obtain sensitive information, via unspecified vectors, aka "Event Handler Cross-Domain Vulnerability." |
