CVSS: 7.5EPSS: 12%CPEs: 12EXPL: 3CVE-2006-5162 – Microsoft Internet Explorer 6 - 'Content-Type' Stack Overflow Crash
https://notcve.org/view.php?id=CVE-2006-5162
03 Oct 2006 — wininet.dll in Microsoft Internet Explorer 6.0 SP2 and earlier allows remote attackers to cause a denial of service (unhandled exception and crash) via a long Content-Type header, which triggers a stack overflow. wininet.dll en Microsoft Internet Explorer 6.0 SP2 y anteriores permite a atacantes remotos provocar una denegación de servicio (excepción no manejada y caída) mediante una cabecera Content-Type larga, lo cual dispara un desbordamiento de pila. • https://www.exploit-db.com/exploits/2039 •
CVSS: 9.3EPSS: 65%CPEs: 13EXPL: 4CVE-2006-4868 – Microsoft Internet Explorer (Windows XP SP2) - 'VML' Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2006-4868
19 Sep 2006 — Stack-based buffer overflow in the Vector Graphics Rendering engine (vgx.dll), as used in Microsoft Outlook and Internet Explorer 6.0 on Windows XP SP2, and possibly other versions, allows remote attackers to execute arbitrary code via a Vector Markup Language (VML) file with a long fill parameter within a rect tag. Desbordamiento de búfer basado en el motor Vector Graphics Rendering (vgx.dll), tal y como se usa en Microsoft Outlook e Internet Explorer 6.0 en Windows XP SP2 y posiblemente otras versiones pe... • https://www.exploit-db.com/exploits/2425 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 45%CPEs: 2EXPL: 0CVE-2006-3639
https://notcve.org/view.php?id=CVE-2006-3639
09 Aug 2006 — Microsoft Internet Explorer 5.01 and 6 does not properly identify the originating domain zone when handling redirects, which allows remote attackers to read cross-domain web pages and possibly execute code via unspecified vectors involving a crafted web page, aka "Source Element Cross-Domain Vulnerability." Microsoft Internet Explorer 5.01 y 6 no identifica adecuadamente la zona de dominio que origina cuando maneja la redirección, lo cual permite a un atacante remoto leer páginas web de dominios cruzados y ... • http://secunia.com/advisories/21396 •
CVSS: 5.3EPSS: 36%CPEs: 2EXPL: 0CVE-2006-3640
https://notcve.org/view.php?id=CVE-2006-3640
09 Aug 2006 — Microsoft Internet Explorer 5.01 and 6 allows certain script to persist across navigations between pages, which allows remote attackers to obtain the window location of visited web pages in other domains or zones, aka "Window Location Information Disclosure Vulnerability." Microsoft Internet Explorer 5.01 y 6 permite a ciertas secuencias de comandos persistir a través de navegaciones entre páginas, lo cual permite a un atacante remoto obtener la localización de ventana de páginas web visitadas en otros domi... • http://secunia.com/advisories/21396 •
CVSS: 6.0EPSS: 28%CPEs: 2EXPL: 0CVE-2006-3643
https://notcve.org/view.php?id=CVE-2006-3643
09 Aug 2006 — Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and 6 in Microsoft Windows 2000 SP4 permits access to local "HTML-embedded resource files" in the Microsoft Management Console (MMC) library, which allows remote authenticated users to execute arbitrary commands, aka "MMC Redirect Cross-Site Scripting Vulnerability." Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Internet Explorer 5.01 y 6 en Microsoft Windows 2000 SP4 permite acceso a "ficheros de recursos HTML-embedde... • http://secunia.com/advisories/21401 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 77%CPEs: 2EXPL: 1CVE-2006-3637 – Microsoft Internet Explorer 5.0.1 - Frameset Memory Corruption
https://notcve.org/view.php?id=CVE-2006-3637
08 Aug 2006 — Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle various HTML layout component combinations, which allows user-assisted remote attackers to execute arbitrary code via a crafted HTML file that leads to memory corruption, aka "HTML Rendering Memory Corruption Vulnerability." Microsoft Internet Explorer 5.01 SP4 y 6 no maneja adecuadamente diversas combinaciones de componentes en diseños HTML, lo cual permite a atacantes remotos con la intervención del usuario ejecutar código de su elección ... • https://www.exploit-db.com/exploits/27971 •
CVSS: 8.8EPSS: 64%CPEs: 8EXPL: 0CVE-2006-3638
https://notcve.org/view.php?id=CVE-2006-3638
08 Aug 2006 — Microsoft Internet Explorer 5.01 and 6 does not properly handle uninitialized COM objects, which allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code, as demonstrated by the Nth function in the DirectAnimation.DATuple ActiveX control, aka "COM Object Instantiation Memory Corruption Vulnerability." Microsoft Internet Explorer 5.01 y 6 no maneja adecuadamente objetos COM no inicializados, lo cual permite a atacantes remotos provocar una denegación de ser... • http://secunia.com/advisories/21396 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 60%CPEs: 32EXPL: 0CVE-2006-2378
https://notcve.org/view.php?id=CVE-2006-2378
13 Jun 2006 — Buffer overflow in the ART Image Rendering component (jgdw400.dll) in Microsoft Windows XP SP1 and Sp2, Server 2003 SP1 and earlier, and Windows 98 and Me allows remote attackers to execute arbitrary code via a crafted ART image that causes heap corruption. • http://secunia.com/advisories/20605 •
CVSS: 4.3EPSS: 24%CPEs: 2EXPL: 0CVE-2006-2384
https://notcve.org/view.php?id=CVE-2006-2384
13 Jun 2006 — Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to conduct spoofing and phishing attacks by using a modal browser window in a way that preserves the original address bar and trusted UI of a trusted site, even after the browser has been navigated to a malicious site, aka the "Address Bar Spoofing Vulnerability." • http://secunia.com/advisories/20595 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 15%CPEs: 2EXPL: 0CVE-2006-2385
https://notcve.org/view.php?id=CVE-2006-2385
13 Jun 2006 — Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted web page that triggers memory corruption when it is saved as a multipart HTML (.mht) file. Vulnerabilidad no especificada en Microsoft Internet Explorer 5.01 SP4 y 6 SP1 y anteriores permite a atacantes asistidos por el usuario ejecutar código de forma arbitraria a través de una página web manipulada que dispara una corrupción de memoria cuando... • http://secunia.com/advisories/20595 • CWE-94: Improper Control of Generation of Code ('Code Injection') •