CVSS: 7.5EPSS: 3%CPEs: 6EXPL: 0CVE-2006-5884
https://notcve.org/view.php?id=CVE-2006-5884
Multiple unspecified vulnerabilities in DirectAnimation ActiveX controls for Microsoft Internet Explorer 5.01 through 6 have unknown impact and remote attack vectors, possibly related to (1) Danim.dll and (2) Lmrt.dll, a different set of vulnerabilities than CVE-2006-4446 and CVE-2006-4777. Múltiples vulnerabilidades no especificadas en controles ActiveX DirectAnimation para Microsoft Internet Explorer 5.01 hasta 6 tiene impacto y vectores desconocidos, posiblemente relacionados con (1) Danim.dll y (2) Lmrt.dll, un conjunto diferente de vulnerabilidades que CVE-2006-4446 y CVE-2006-4777. • http://www.osvdb.org/31324 http://www.us-cert.gov/cas/techalerts/TA06-318A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067 •
CVSS: 5.1EPSS: 57%CPEs: 6EXPL: 0CVE-2006-4687 – Microsoft Internet Explorer CSS Float Property Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2006-4687
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via crafted layout combinations involving DIV tags and HTML CSS float properties that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulnerability." Microsoft Internet Explorer 5.01 hasta 6 permite a atacantes remotos ejecutar código de su elección mediante combinaciones de diseño artesanales implicando etiquetas DIV y propiedades float de HTML CSS que disparan una corrupción de memoria, también conocido como "Vulnerabilidad de corrupción de memoria al traducir HTML". This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific vulnerability exists due to improper parsing of HTML CSS 'float' properties. By ordering specially crafted 'div' tags in a web page, memory corruption can occur leading to remote code execution. • http://securitytracker.com/id?1017223 http://www.kb.cert.org/vuls/id/197852 http://www.osvdb.org/31323 http://www.securityfocus.com/archive/1/451590/100/100/threaded http://www.securityfocus.com/bid/21020 http://www.us-cert.gov/cas/techalerts/TA06-318A.html http://www.vupen.com/english/advisories/2006/4505 http://www.zerodayinitiative.com/advisories/ZDI-06-041.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067 https://exchange.xforce • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 6%CPEs: 1EXPL: 2CVE-2006-5805
https://notcve.org/view.php?id=CVE-2006-5805
Microsoft Internet Explorer 7 allows remote attackers to cause a security certificate from a secure web site to appear invalid via a link to res://ieframe.dll/invalidcert.htm with the target site as an argument, which displays the site's URL in the address bar but causes Internet Explorer to report that the certificate is invalid. Microsoft Internet Explorer 7 permite a atacantes remotos provocar que un certificado de seguridad de una página segura, aparezca como inválido mediante un enlace a res://ieframe.dll/invalidcert.htm con el sitio objetivo como argumento, lo que muestra la URL del sitio en la barra de direcciones y hace que el Internet Explorer informe de que el certificado no es válido. • http://ingehenriksen.blogspot.com/2006/11/ie7-website-security-certificate.html http://securitytracker.com/id?1017165 http://www.securityfocus.com/archive/1/450722/100/0/threaded •
CVSS: 6.4EPSS: 23%CPEs: 1EXPL: 3CVE-2006-5544
https://notcve.org/view.php?id=CVE-2006-5544
Visual truncation vulnerability in Microsoft Internet Explorer 7 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a malicious URL containing non-breaking spaces (%A0), which causes the address bar to omit some characters from the URL. Vulnerabilidad de truncamiento visual en Microsoft Internet Explorer 7 permite a atacantes remotos suplantar la barra de direcciones y posiblemente conducir ataques de phising mediante una URL maliciosa que contiene espacios non-breaking (%A0), y que causa que la barra de direcciones omita algunos caracteres de la URL. • http://blogs.technet.com/msrc/archive/2006/10/26/ie-address-bar-issue.aspx http://secunia.com/advisories/22542 http://secunia.com/internet_explorer_7_popup_address_bar_spoofing_test http://securitytracker.com/id?1017122 http://www.kb.cert.org/vuls/id/347188 http://www.osvdb.org/30022 http://www.securityfocus.com/archive/1/449917/100/0/threaded http://www.securityfocus.com/bid/20728 https://exchange.xforce.ibmcloud.com/vulnerabilities/29827 •
CVSS: 5.0EPSS: 3%CPEs: 1EXPL: 0CVE-2006-4888
https://notcve.org/view.php?id=CVE-2006-4888
Microsoft Internet Explorer 6 and earlier allows remote attackers to cause a denial of service (application hang) via a CSS-formatted HTML INPUT element within a DIV element that has a larger size than the INPUT. Microsoft Internet Explorer 6 y anteriores permite a atacantes remotos provocar una denegación de servicio (aplicación que no responde) vía un elemento INPUT HTML con formato CSS dentro de un elemento DIV que tiene un tamaño mayor que el INPUT. • http://archives.neohapsis.com/archives/bugtraq/2006-07/0199.html http://jonas.elunic.de/blog/index.php/2006/07/14/ie-freeze-bug http://www.osvdb.org/28614 •