Page 106 of 625 results (0.007 seconds)

CVSS: 5.0EPSS: 96%CPEs: 16EXPL: 3

Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability." Internet Explorer 6.x permite a atacantes remotos instalar programas de su elección mediante eventos mousedown que llaman al método Popup.show y usan acciones "arrastrar y soltar" en una ventana emergente, también conocida como "HijackClick 3" y la "Vulnerabilidad de descarga de fichero con scritp en etiqueta de imagen" • https://www.exploit-db.com/exploits/24266 http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0498.html http://secunia.com/advisories/12048 http://securitytracker.com/id?1010679 http://www.kb.cert.org/vuls/id/413886 http://www.osvdb.org/7774 http://www.securityfocus.com/archive/1/368652 http://www.securityfocus.com/archive/1/368666 http://www.securityfocus.com/bid/10690 http://www.us-cert.gov/cas/techalerts/TA04-293A.html https://docs.microsoft.com/en- •

CVSS: 5.0EPSS: 89%CPEs: 46EXPL: 1

Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html". • http://marc.info/?l=bugtraq&m=109303291513335&w=2 http://marc.info/?l=bugtraq&m=109336221826652&w=2 http://seclists.org/lists/fulldisclosure/2004/Aug/0868.html http://www.kb.cert.org/vuls/id/526089 http://www.securityfocus.com/bid/10973 http://www.us-cert.gov/cas/techalerts/TA04-293A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038 https://exchange.xforce.ibmcloud.com/vulnerabilities/17044 https://oval.cisecurity.org/repository/search&# •

CVSS: 7.5EPSS: 94%CPEs: 10EXPL: 0

Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows XP, and possibly other versions, does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability. Internet Explorer para Mac 5.2.3, Internet Explorer 6 en Windows XP, u posiblemente otras versiones, no previenen adecuadamente que un marco de un dominio inyecte contenido en un marco que pertenece a otro dominio, lo que facilita la suplantación de sitios web y otros ataques. Vulnerabilidad también conocida como "de inyección de marco". • http://secunia.com/advisories/11966 http://secunia.com/advisories/11978 http://secunia.com/multiple_browsers_frame_injection_vulnerability_test https://exchange.xforce.ibmcloud.com/vulnerabilities/1598 •

CVSS: 10.0EPSS: 77%CPEs: 18EXPL: 0

Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image. mshtml.dll de ciertas versiones de Internet Explorer 6.x permite a atacantes remotos causar una denegación de servicio (caída de aplicación) y posiblemente ejecutar código arbitrario mediante una imagen GIF malformada que dispara un desbordamiento de búfer. • http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009445.html http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009473.html http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009506.html http://www.ciac.org/ciac/bulletins/o-191.shtml http://www.kb.cert.org/vuls/id/685364 http://www.securityfocus.com/bid/8530 http://www.us-cert.gov/cas/techalerts/TA04-212A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/200 • CWE-415: Double Free •

CVSS: 10.0EPSS: 96%CPEs: 4EXPL: 1

The WebBrowser ActiveX control, or the Internet Explorer HTML rendering engine (MSHTML), as used in Internet Explorer 6, allows remote attackers to execute arbitrary code in the Local Security context by using the showModalDialog method and modifying the location to execute code such as Javascript, as demonstrated using (1) delayed HTTP redirect operations, and an HTTP response with a Location: header containing a "URL:" prepended to a "ms-its" protocol URI, or (2) modifying the location attribute of the window, as exploited by the Download.ject (aka Scob aka Toofer) using the ADODB.Stream object. El control ActiveX WebBrowser, o el motor de render HTML de Internet Explorer (MSHTML), usado en Internet Explorer 6, permite a atacantes remotos ejecutar código arbitrario en el contexto de seguridad local usando el método showModalDialog y modificando la localizacion para ejecutar código como JavaScript, como demostró usando (1) redirecciones HTTP diferidas, y una respuesta HTTP con una cabecera "Location:" conteniendo un "URL:" añadida al principio de una URI "ms-its", o (2) modificando el atributo de localización de la ventana, explotado por el gusano Ject / Scob / Toofer, usando el objeto ADODB.Stream • https://www.exploit-db.com/exploits/316 http://62.131.86.111/analysis.htm http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0031.html http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0104.html http://marc.info/?l=bugtraq&m=108786396622284&w=2 http://marc.info/?l=bugtraq&m=108852642021426&w=2 http://umbrella.name/originalvuln/msie/InsiderPrototype http://www.kb.cert.org/vuls/id/713878 http://www.us-cert.gov/cas/techalerts/TA04-163A.html http:&# •