Microsoft Internet Explorer vulnerabilities

CVE-2012-1877 [CRITICAL] CWE-94 CVE-2012-1877: Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows rem Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Title Element Change Remote Code Execution Vulnerability."

CVE-2012-1879 [HIGH] CWE-94 CVE-2012-1879: Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows rem Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access an undefined memory location, aka "insertAdjacentText Remote Code Execution Vulnerability."

CVE-2012-1872 [MEDIUM] CWE-79 CVE-2012-1872: Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6 through 9 allows remote at Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6 through 9 allows remote attackers to inject arbitrary web script or HTML via crafted character sequences with EUC-JP encoding, aka "EUC-JP Character Encoding Vulnerability."

CVE-2012-1873 [MEDIUM] CWE-200 CVE-2012-1873: Microsoft Internet Explorer 7 through 9 does not properly create and initialize string data, which a Microsoft Internet Explorer 7 through 9 does not properly create and initialize string data, which allows remote attackers to obtain sensitive information from process memory via a crafted HTML document, aka "Null Byte Information Disclosure Vulnerability."

CVE-2012-1858 [MEDIUM] CWE-200 CVE-2012-1858: The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicat The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document, aka "HTML Sanitization Vulnerability.

CVE-2012-1882 [MEDIUM] CWE-200 CVE-2012-1882: Microsoft Internet Explorer 6 through 9 does not block cross-domain scrolling events, which allows r Microsoft Internet Explorer 6 through 9 does not block cross-domain scrolling events, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Scrolling Events Information Disclosure Vulnerability."

CVE-2012-0171 [CRITICAL] CWE-94 CVE-2012-0171: Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows rem Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "SelectAll Remote Code Execution Vulnerability."

CVE-2012-0169 [CRITICAL] CWE-94 CVE-2012-0169: Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attack Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "JScript9 Remote Code Execution Vulnerability."

CVE-2012-0170 [CRITICAL] CWE-94 CVE-2012-0170: Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory, which allows remote Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnReadyStateChange Remote Code Execution Vulnerability."

CVE-2012-0172 [CRITICAL] CWE-94 CVE-2012-0172: Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows rem Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "VML Style Remote Code Execution Vulnerability."

CVE-2012-0168 [HIGH] CWE-94 CVE-2012-0168: Microsoft Internet Explorer 6 through 9 allows user-assisted remote attackers to execute arbitrary c Microsoft Internet Explorer 6 through 9 allows user-assisted remote attackers to execute arbitrary code via a crafted HTML document that is not properly handled during a "Print table of links" print operation, aka "Print Feature Remote Code Execution Vulnerability."

CVE-2012-1545 [MEDIUM] CWE-119 CVE-2012-1545: Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to bypass Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to bypass Protected Mode or cause a denial of service (memory corruption) by leveraging access to a Low integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.

CVE-2012-0155 [CRITICAL] CWE-94 CVE-2012-0155: Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attack Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "VML Remote Code Execution Vulnerability."

CVE-2012-0011 [CRITICAL] CWE-94 CVE-2012-0011: Microsoft Internet Explorer 7 through 9 does not properly handle objects in memory, which allows rem Microsoft Internet Explorer 7 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "HTML Layout Remote Code Execution Vulnerability."

CVE-2012-0012 [MEDIUM] CWE-665 CVE-2012-0012: Microsoft Internet Explorer 9 does not properly handle the creation and initialization of string obj Microsoft Internet Explorer 9 does not properly handle the creation and initialization of string objects, which allows remote attackers to read data from arbitrary process-memory locations via a crafted web site, aka "Null Byte Information Disclosure Vulnerability."

CVE-2012-0010 [MEDIUM] CWE-200 CVE-2012-0010: Microsoft Internet Explorer 6 through 9 does not properly perform copy-and-paste operations, which a Microsoft Internet Explorer 6 through 9 does not properly perform copy-and-paste operations, which allows user-assisted remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Copy and Paste Information Disclosure Vulnerability."

CVE-2011-2019 [CRITICAL] CWE-426 CVE-2011-2019: Untrusted search path vulnerability in Microsoft Internet Explorer 9 on Windows Server 2008 R2 and R Untrusted search path vulnerability in Microsoft Internet Explorer 9 on Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an HTML file, aka "Internet Explorer Insecure Library Loading Vulnerability."

CVE-2011-1992 [MEDIUM] CWE-79 CVE-2011-1992: The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to read content from a diffe The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to read content from a different (1) domain or (2) zone via a "trial and error" attack, aka "XSS Filter Information Disclosure Vulnerability."

CVE-2011-3404 [MEDIUM] CWE-200 CVE-2011-3404: Microsoft Internet Explorer 6 through 9 does not properly use the Content-Disposition HTTP header to Microsoft Internet Explorer 6 through 9 does not properly use the Content-Disposition HTTP header to control rendering of the HTTP response body, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Content-Disposition Information Disclosure Vulnerability."

CVE-2010-5071 [MEDIUM] CWE-264 CVE-2010-5071: The JavaScript implementation in Microsoft Internet Explorer 8.0 and earlier does not properly restr The JavaScript implementation in Microsoft Internet Explorer 8.0 and earlier does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method.