Page 10 of 58 results (0.015 seconds)

CVSS: 5.1EPSS: 74%CPEs: 3EXPL: 1

Internet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files, which allows remote attackers to obtain sensitive information or execute arbitrary code, aka the "Channel Definition Format (CDF) Cross Domain Vulnerability." • http://securitytracker.com/id?1013126 http://www.kb.cert.org/vuls/id/823971 http://www.securityfocus.com/bid/12427 http://www.us-cert.gov/cas/techalerts/TA05-039A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-014 https://exchange.xforce.ibmcloud.com/vulnerabilities/19137 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2385 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2817 https&# •

CVSS: 5.1EPSS: 92%CPEs: 3EXPL: 0

Internet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a less restrictive security zone and execute arbitrary code via an HTML page containing URLs that contain hostnames that have been double hex encoded, which are decoded twice to generate a malicious hostname, aka the "URL Decoding Zone Spoofing Vulnerability." • http://marc.info/?l=bugtraq&m=110796851002781&w=2 http://www.kb.cert.org/vuls/id/580299 http://www.us-cert.gov/cas/techalerts/TA05-039A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-014 https://exchange.xforce.ibmcloud.com/vulnerabilities/19214 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1308 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1736 https://oval.cisecurity.org& •

CVSS: 2.6EPSS: 59%CPEs: 4EXPL: 3

Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar to facilitate phishing attacks via Javascript that uses an invalid URI, modifies the Location field, then uses history.back to navigate to the previous domain, aka NullyFake. • http://archives.neohapsis.com/archives/bugtraq/2004-08/0215.html http://secunia.com/advisories/12304 http://securitytracker.com/id?1010957 http://umbrella.name/originalvuln/msie/NullyFake/nullyfake-content.txt http://www.osvdb.org/8978 https://exchange.xforce.ibmcloud.com/vulnerabilities/17007 •

CVSS: 7.5EPSS: 56%CPEs: 18EXPL: 1

Internet Explorer 5.01 through 6 allows remote attackers to spoof arbitrary web sites by injecting content from one window into another window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. NOTE: later research shows that Internet Explorer 7 on Windows XP SP2 is also vulnerable. • http://secunia.com/advisories/13251 http://secunia.com/advisories/22628 http://secunia.com/multiple_browsers_window_injection_vulnerability_test http://secunia.com/secunia_research/2004-13/advisory http://www.securityfocus.com/archive/1/449917/100/0/threaded http://www.securityfocus.com/bid/11855 •

CVSS: 10.0EPSS: 83%CPEs: 3EXPL: 0

Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow. Desbordamiento de búfer en el Motor de Instalación (inseng.dll) de Internet Explorer 5.01, 5.5 y 6 permite a atacantes remotos ejecutar código de su elección mediante un sitio web maliciosos o correo electrónico HTML. • http://marc.info/?l=bugtraq&m=109760693512754&w=2 http://marc.info/?l=bugtraq&m=110616383332055&w=2 http://marc.info/?l=ntbugtraq&m=110619893620517&w=2 http://www.kb.cert.org/vuls/id/637760 http://www.ngssoftware.com/advisories/msinsengfull.txt http://www.us-cert.gov/cas/techalerts/TA04-293A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038 https://exchange.xforce.ibmcloud.com/vulnerabilities/17620 https://exchange.xforce.ibmcloud.com/ •