Microsoft: Security Vulnerabilities Published In 2010 (Information Leak)
The CTimeoutEventList::InsertIntoTimeoutList function in Microsoft mshtml.dll uses a certain pointer value as part of producing Timer ID values for the setTimeout and setInterval methods in VBScript and JScript, which allows remote attackers to obtain sensitive information about the heap memory addresses used by an application, as demonstrated by the Internet Explorer 8 application.
Max Base Score | 4.3 |
Published | 2010-10-08 |
Updated | 2022-02-18 |
EPSS | 1.37% |
Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of cached content as HTML, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Cross-Domain Information Disclosure Vulnerability," a different vulnerability than CVE-2010-3342.
Max Base Score | 4.3 |
Published | 2010-12-16 |
Updated | 2022-02-28 |
EPSS | 0.96% |
Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of cached content as HTML, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Cross-Domain Information Disclosure Vulnerability," a different vulnerability than CVE-2010-3348.
Max Base Score | 4.3 |
Published | 2010-12-16 |
Updated | 2022-02-28 |
EPSS | 0.96% |
Microsoft Internet Explorer 6 through 8 does not properly restrict script access to content from a different (1) domain or (2) zone, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Cross-Domain Information Disclosure Vulnerability."
Max Base Score | 4.3 |
Published | 2010-10-13 |
Updated | 2021-07-23 |
EPSS | 59.96% |
The implementation of HTML content creation in Microsoft Internet Explorer 6 through 8 does not remove the Anchor element during pasting and editing, which might allow remote attackers to obtain sensitive deleted information by visiting a web page, aka "Anchor Element Information Disclosure Vulnerability."
Max Base Score | 4.3 |
Published | 2010-10-13 |
Updated | 2021-07-23 |
EPSS | 1.82% |
Microsoft Internet Explorer 6 through 8 does not properly handle unspecified special characters in Cascading Style Sheets (CSS) documents, which allows remote attackers to obtain sensitive information from a different (1) domain or (2) zone via a crafted web site, aka "CSS Special Character Information Disclosure Vulnerability."
Max Base Score | 4.3 |
Published | 2010-10-13 |
Updated | 2021-07-23 |
EPSS | 5.06% |
Microsoft Internet Explorer, when the Invisible Hand extension is enabled, uses cookies during background HTTP requests in a possibly unexpected manner, which might allow remote web servers to identify specific persons and their product searches via HTTP request logging, related to a "cross-site data leakage" issue.
Max Base Score | 4.3 |
Published | 2010-05-07 |
Updated | 2021-07-23 |
EPSS | 0.24% |
Microsoft Internet Explorer 6, 7, and 8 does not properly determine the origin of script code, which allows remote attackers to execute script in an unintended domain or security zone, and obtain sensitive information, via unspecified vectors, aka "Event Handler Cross-Domain Vulnerability."
Max Base Score | 4.3 |
Published | 2010-08-11 |
Updated | 2021-07-23 |
EPSS | 10.65% |
Microsoft Internet Explorer 6 and 7 on Windows XP and Vista does not prevent script from simulating user interaction with the AutoComplete feature, which allows remote attackers to obtain sensitive form information via a crafted web site, aka "AutoComplete Information Disclosure Vulnerability."
Max Base Score | 2.6 |
Published | 2010-10-13 |
Updated | 2021-07-23 |
EPSS | 2.28% |
Microsoft Internet Explorer permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote HTTP servers to obtain sensitive information via a crafted document.
Max Base Score | 4.3 |
Published | 2010-02-18 |
Updated | 2021-07-23 |
EPSS | 0.36% |
Cross-domain vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted HTML document in a situation where the client user drags one browser window across another browser window, aka "HTML Element Cross-Domain Vulnerability."
Max Base Score | 4.3 |
Published | 2010-03-31 |
Updated | 2021-07-23 |
EPSS | 2.94% |
Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 does not properly handle unspecified "encoding strings," which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site, aka "Post Encoding Information Disclosure Vulnerability."
Max Base Score | 4.3 |
Published | 2010-03-31 |
Updated | 2021-07-23 |
EPSS | 2.96% |
The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2000 SP3, does not properly allocate memory for SMTP command replies, which allows remote attackers to read fragments of e-mail messages by sending a series of invalid commands and then sending a STARTTLS command, aka "SMTP Memory Allocation Vulnerability."
Max Base Score | 5.0 |
Published | 2010-04-14 |
Updated | 2020-04-09 |
EPSS | 37.79% |
13 vulnerabilities found