Page 105 of 715 results (0.021 seconds)

CVSS: 2.6EPSS: 88%CPEs: 3EXPL: 1

The execCommand method in Microsoft Internet Explorer 6.0 SP2 allows remote attackers to bypass the "File Download - Security Warning" dialog and save arbitrary files with arbitrary extensions via the SaveAs command. • http://archives.neohapsis.com/archives/bugtraq/2004-11/0260.html http://secunia.com/advisories/13203 http://securityreason.com/securityalert/3220 http://www.frsirt.com/exploits/20041119.IESP2Unpatched.php http://www.kb.cert.org/vuls/id/743974 http://www.securityfocus.com/bid/11686 https://exchange.xforce.ibmcloud.com/vulnerabilities/18181 •

CVSS: 10.0EPSS: 7%CPEs: 22EXPL: 0

Heap-based buffer overflow in the Hrtbeat.ocx (Heartbeat) ActiveX control for Internet Explorer 5.01 through 6, when users who visit online gaming sites that are associated with MSN, allows remote attackers to execute arbitrary code via the SetupData parameter. • http://marc.info/?l=bugtraq&m=110616221411579&w=2 http://www.kb.cert.org/vuls/id/673134 http://www.ngssoftware.com/advisories/heartbeatfull.txt http://www.securityfocus.com/bid/11367 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038 https://exchange.xforce.ibmcloud.com/vulnerabilities/17714 • CWE-787: Out-of-bounds Write •

CVSS: 4.6EPSS: 17%CPEs: 15EXPL: 0

Internet Explorer on Windows XP does not properly modify the "Drag and Drop or copy and paste files" setting when the user sets it to "Disable" or "Prompt," which may enable security-sensitive operations that are inconsistent with the user's intended configuration. • http://www.kb.cert.org/vuls/id/630720 http://www.us-cert.gov/cas/techalerts/TA04-293A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038 https://exchange.xforce.ibmcloud.com/vulnerabilities/17820 •

CVSS: 10.0EPSS: 83%CPEs: 3EXPL: 0

Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow. Desbordamiento de búfer en el Motor de Instalación (inseng.dll) de Internet Explorer 5.01, 5.5 y 6 permite a atacantes remotos ejecutar código de su elección mediante un sitio web maliciosos o correo electrónico HTML. • http://marc.info/?l=bugtraq&m=109760693512754&w=2 http://marc.info/?l=bugtraq&m=110616383332055&w=2 http://marc.info/?l=ntbugtraq&m=110619893620517&w=2 http://www.kb.cert.org/vuls/id/637760 http://www.ngssoftware.com/advisories/msinsengfull.txt http://www.us-cert.gov/cas/techalerts/TA04-293A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038 https://exchange.xforce.ibmcloud.com/vulnerabilities/17620 https://exchange.xforce.ibmcloud.com/ •

CVSS: 5.0EPSS: 4%CPEs: 2EXPL: 0

Internet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the "Plug-in Navigation Address Bar Spoofing Vulnerability." Internet Explorer 5.5 y 6 no manejan adecuadamente la navegación con complementos (plug-in), lo que permite a atacantes remotos alterar la barra de navegación mostrada y suplantar páginas web, facilitando ataques de "phising", también conocida como "Vulnerabilidad de suplantación de la barra de direcciónes en navegación en complemento". • http://www.kb.cert.org/vuls/id/625616 http://www.us-cert.gov/cas/techalerts/TA04-293A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038 https://exchange.xforce.ibmcloud.com/vulnerabilities/17651 https://exchange.xforce.ibmcloud.com/vulnerabilities/17655 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2487 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2537 https://oval.cisecurity.org&#x •