CVSS: 5.0EPSS: 83%CPEs: 3EXPL: 2CVE-2006-3427 – Microsoft Internet Explorer 5.0.1/6.0 - Structured Graphics Control Denial of Service
https://notcve.org/view.php?id=CVE-2006-3427
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by declaring the sourceURL attribute on an uninitialized DirectAnimation.StructuredGraphicsControl ActiveX Object, which triggers a null dereference. Microsoft Internet Explorer 6 permite a atacantes remotos provocar una denegación de servicio (caída) mediante la declaración del atributo sourceURL en un objeto ActiveX DirectAnimation.StructuredGraphicsControl sin inicializar, lo cual dispara un referencia a NULL. • https://www.exploit-db.com/exploits/28169 http://browserfun.blogspot.com/2006/07/mobb-6-structuredgraphicscontrol.html http://www.osvdb.org/26839 http://www.securityfocus.com/bid/18855 http://www.vupen.com/english/advisories/2006/2687 https://exchange.xforce.ibmcloud.com/vulnerabilities/27565 •
CVSS: 7.5EPSS: 96%CPEs: 1EXPL: 1CVE-2006-3357
https://notcve.org/view.php?id=CVE-2006-3357
Heap-based buffer overflow in HTML Help ActiveX control (hhctrl.ocx) in Microsoft Internet Explorer 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code by repeatedly setting the Image field of an Internet.HHCtrl.1 object to certain values, possibly related to improper escaping and long strings. Desbordamiento del búfer de memoria libre para la reserva dinámica en HTML Help ActiveX control (hhctrl.ocx) en Microsoft Internet Explorer 6.0, que permite a los atacantes remotos provocar la denegación de servicios (caída de la aplicación) y posiblemente la ejecución de código arbitrario, estableciendo repetidamente el campo de imagen de un objeto Internet.HHCtrl.1 a determinados valores, posiblemente relacionados con salidas incorrectas y cadenas largas. • http://browserfun.blogspot.com/2006/07/mobb-2-internethhctrl-image-property.html http://secunia.com/advisories/20906 http://securitytracker.com/id?1016434 http://www.kb.cert.org/vuls/id/159220 http://www.osvdb.org/26835 http://www.securityfocus.com/archive/1/442733/100/0/threaded http://www.securityfocus.com/bid/18769 http://www.tippingpoint.com/security/advisories/TSRT-06-08.html http://www.us-cert.gov/cas/techalerts/TA06-220A.html http://www.vupen.com/english/advi •
CVSS: 5.0EPSS: 87%CPEs: 21EXPL: 3CVE-2006-3354 – Microsoft Internet Explorer 6 - ADODB.Recordset Filter Property Denial of Service
https://notcve.org/view.php?id=CVE-2006-3354
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the Filter property of an ADODB.Recordset ActiveX object to certain values multiple times, which triggers a null dereference. Vulnerabilidad en el navegador web Internet Explorer v6 de Microsoft que permite a atacantes remotos causar una denegación de servicio (indisponibilidad de la aplicación) asignando a la propiedad "Filter" (filtro) de un objeto ActiveX ADODB.Recordset ciertos valores varias veces, lo que dispara un de-referenciación de un dirección (o puntero) nula. • https://www.exploit-db.com/exploits/28145 http://browserfun.blogspot.com/2006/07/mobb-1-adodbrecordset-filter-property.html http://www.osvdb.org/26834 http://www.securityfocus.com/bid/18773 https://exchange.xforce.ibmcloud.com/vulnerabilities/27596 •
CVSS: 7.5EPSS: 85%CPEs: 1EXPL: 1CVE-2006-3280 – Microsoft Internet Explorer 5.0.1 - OuterHTML redirection Handling Information Disclosure
https://notcve.org/view.php?id=CVE-2006-3280
Cross-domain vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, aka "Redirect Cross-Domain Information Disclosure Vulnerability." Vulnerabilidad de dominios cruzados en Microsoft Internet Explorer v6.0 permite a atacantes remotos acceder la información restringida desde otro dominio a través de una etiqueta object con un parámetro data que referencia un enlace en el sitio original del atacante que especifica una cabecera Location HTTP que referencia un sitio objetivo, lo que luego hace que el contenido esté disponible a través del atributo outerHTML del objeto, como "Redirect Cross-Domain Information Disclosure Vulnerability." • https://www.exploit-db.com/exploits/28118 http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047398.html http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060627/3d930eda/PLEBO-2006.06.16-IE_ONE_MINOR_ONE_MAJOR.obj http://secunia.com/advisories/20825 http://secunia.com/advisories/21396 http://secunia.com/internet_explorer_information_disclosure_vulnerability_test http://securitytracker.com/id?1016388 http://www.kb.cert.org/vuls/id/883108 http://www.securityfocus&# •
CVSS: 5.1EPSS: 95%CPEs: 1EXPL: 2CVE-2006-3281 – Microsoft Windows XP/2000/2003 - Explorer Drag and Drop Remote Code Execution
https://notcve.org/view.php?id=CVE-2006-3281
Microsoft Internet Explorer 6.0 does not properly handle Drag and Drop events, which allows remote user-assisted attackers to execute arbitrary code via a link to an SMB file share with a filename that contains encoded ..\ (%2e%2e%5c) sequences and whose extension contains the CLSID Key identifier for HTML Applications (HTA), aka "Folder GUID Code Execution Vulnerability." NOTE: directory traversal sequences were used in the original exploit, although their role is not clear. Microsoft Internet Explorer v6.0 no maneja apropiadamente los eventos Drag y Drop, lo que permite a atacantes remotos asistidos por el usuario ejecutar código de su elección a través de un enlace al fichero compartido SMB con un nombre que contiene una secuencia codificada ..\ (%2e%2e%5c)y cuya extensión incluye al identificador CLSID Key para HTML Applications (HTA), como "Folder GUID Code Execution Vulnerability." NOTA: la secuencia de salto de directorio fue usado en el exploit original, aunque sus roles no quedan claros. • https://www.exploit-db.com/exploits/28357 http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047398.html http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060627/3d930eda/PLEBO-2006.06.16-IE_ONE_MINOR_ONE_MAJOR.obj http://secunia.com/advisories/20825 http://securitytracker.com/id?1016388 http://www.kb.cert.org/vuls/id/655100 http://www.securityfocus.com/bid/19389 http://www.us-cert.gov/cas/techalerts/TA06-220A.html http://www.vupen.com/english&# • CWE-20: Improper Input Validation •