6 results (0.013 seconds)

CVSS: 9.3EPSS: 60%CPEs: 37EXPL: 0

Unspecified vulnerability in Microsoft Windows 2000, XP, and Server 2003 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source. Vulnerabilidad no especificada en Microsoft Windows 2000, XP, y Server 2003 permite a atacantes remotos con la complicidad del usuario ejecutar código de su elección mediante vectores no especificados. NOTA: esta información está basada en un preaviso impreciso sin información accionable. • http://osvdb.org/35637 http://research.eeye.com/html/advisories/upcoming/20070327.html http://www.securityfocus.com/bid/23332 https://exchange.xforce.ibmcloud.com/vulnerabilities/34444 •

CVSS: 9.3EPSS: 5%CPEs: 43EXPL: 11

Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038; if so, then use CVE-2007-0038 instead of this identifier. Una vulnerabilidad no especificada en Microsoft Windows 2000 SP4 hasta Windows Vista permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (reinicio persistente) por medio de un archivo ANI malformado, lo que resulta en una corrupción de memoria durante el procesamiento de cursores, cursores animados e iconos, un problema similar al CVE-2005-0416, como se demostró originalmente usando Internet Explorer versiones 6 y 7. NOTA: este problema podría ser un duplicado del CVE-2007-0038; si es así, utilizar el CVE-2007-0038 en lugar de este identificador. • https://www.exploit-db.com/exploits/3684 https://www.exploit-db.com/exploits/3647 https://www.exploit-db.com/exploits/3695 https://www.exploit-db.com/exploits/3652 https://www.exploit-db.com/exploits/3617 https://www.exploit-db.com/exploits/3636 https://www.exploit-db.com/exploits/3651 https://www.exploit-db.com/exploits/4045 https://www.exploit-db.com/exploits/16698 https://www.exploit-db.com/exploits/3635 https://www.exploit-db.com/exploits/3634 http: •

CVSS: 10.0EPSS: 92%CPEs: 28EXPL: 1

Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka "the IFRAME vulnerability" or the "HTML Elements Vulnerability." • https://www.exploit-db.com/exploits/612 http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028009.html http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028035.html http://marc.info/?l=bugtraq&m=109942758911846&w=2 http://secunia.com/advisories/12959 http://www.kb.cert.org/vuls/id/842160 http://www.securityfocus.com/archive/1/379261 http://www.securityfocus.com/bid/11515 http://www.us-cert.gov/cas/techalerts/TA04-315A.html http://www •

CVSS: 7.5EPSS: 96%CPEs: 16EXPL: 3

Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability." Internet Explorer 6.1 SP1 y anteriores, y posiblemente otras versiones, permiten a atacantes remotos causar una denegación de servicio (caída de aplicación por "corrupción de memoria") mediante ciertos elementos de Hoja de Estilos en Cascada (CSS), como se ha demostrado usanto la cadena "<STYLE>@;/*", posiblemente debido a un terminador de comentario ausente que puede causar una longitud inválida que dispare una operación de copia de memoria grande. • https://www.exploit-db.com/exploits/24328 http://marc.info/?l=bugtraq&m=109107496214572&w=2 http://marc.info/?l=full-disclosure&m=109060455614702&w=2 http://marc.info/?l=full-disclosure&m=109102919426844&w=2 http://secunia.com/advisories/12806 http://www.ciac.org/ciac/bulletins/p-006.shtml http://www.ecqurity.com/adv/IEstyle.html http://www.kb.cert.org/vuls/id/291304 http://www.securiteam.com/exploits/5NP042KF5A.html http://www.securityfocus.com/bid/10816&# •

CVSS: 5.0EPSS: 96%CPEs: 16EXPL: 3

Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability." Internet Explorer 6.x permite a atacantes remotos instalar programas de su elección mediante eventos mousedown que llaman al método Popup.show y usan acciones "arrastrar y soltar" en una ventana emergente, también conocida como "HijackClick 3" y la "Vulnerabilidad de descarga de fichero con scritp en etiqueta de imagen" • https://www.exploit-db.com/exploits/24266 http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0498.html http://secunia.com/advisories/12048 http://securitytracker.com/id?1010679 http://www.kb.cert.org/vuls/id/413886 http://www.osvdb.org/7774 http://www.securityfocus.com/archive/1/368652 http://www.securityfocus.com/archive/1/368666 http://www.securityfocus.com/bid/10690 http://www.us-cert.gov/cas/techalerts/TA04-293A.html https://docs.microsoft.com/en- •