CVSS: 2.6EPSS: 33%CPEs: 1EXPL: 0CVE-2006-3227
https://notcve.org/view.php?id=CVE-2006-3227
Interpretation conflict between Internet Explorer and other web browsers such as Mozilla, Opera, and Firefox might allow remote attackers to modify the visual presentation of web pages and possibly bypass protection mechanisms such as content filters via ASCII characters with the 8th bit set, which could be stripped by Internet Explorer to render legible text, but not when using other browsers. NOTE: there has been significant discussion about this issue, and as of 20060625, it is not clear where the responsibility for this issue lies, although it might be due to vagueness within the associated standards. NOTE: this might only be exploitable with certain encodings. Conflictos de interpretación entre Internet Explorer y otros buscadores web como Mozilla, Opera, y Firefox pued e permitir a atacantes remotos modificar la presentación de las páginas web y probablemente superar los mecanismos de protección como los filtros e contenido a través de caracteres ASCII con el octavo bit configurado, lo que puede ser desecho por Internet Explorer para traducir texto legible, pero no cuando es usado en otros buscaodres. NOTA: ha habido discursión significativa sobre este tema, como 20060625, no está claro donde se encuentra la responsabilidad de este problema, aunque podría ser debido a la vaguedad dentro de los estándares asociados. • http://ha.ckers.org/blog/20060621/malformed-ascii-bypasses-filters http://ha.ckers.org/blog/20060621/us-ascii-xss-part-2 http://www.osvdb.org/28376 http://www.securityfocus.com/archive/1/437948/100/0/threaded http://www.securityfocus.com/archive/1/438049/100/0/threaded http://www.securityfocus.com/archive/1/438051/100/0/threaded http://www.securityfocus.com/archive/1/438066/100/0/threaded http://www.securityfocus.com/archive/1/438154/100/0/threaded http://www&# •
CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 1CVE-2006-3200
https://notcve.org/view.php?id=CVE-2006-3200
Unspecified versions of Internet Explorer allow remote attackers to cause a denial of service (crash) via an IFRAME with a src tag containing a "File://" URI followed by an 8-bit character. NOTE: some third parties were unable to verify this issue. Versión no especificada de Internet Explorer permite a atacantes remotos causar una denegación de servicio (caída) a través de un IFRAME con una etiqueta src que contiene "File://" seguido por un caracter de 8 bits. NOTA: algunos de estos detalles han sido obtenidos de terceras partes. • http://archives.neohapsis.com/archives/bugtraq/2006-06/0074.html http://securityreason.com/securityalert/1132 http://www.securityfocus.com/archive/1/436839/100/200/threaded http://www.securityfocus.com/archive/1/436889/100/200/threaded •
CVSS: 6.8EPSS: 90%CPEs: 32EXPL: 0CVE-2006-2378
https://notcve.org/view.php?id=CVE-2006-2378
Buffer overflow in the ART Image Rendering component (jgdw400.dll) in Microsoft Windows XP SP1 and Sp2, Server 2003 SP1 and earlier, and Windows 98 and Me allows remote attackers to execute arbitrary code via a crafted ART image that causes heap corruption. • http://secunia.com/advisories/20605 http://securitytracker.com/id?1016292 http://www.idefense.com/intelligence/vulnerabilities/display.php?id=407 http://www.kb.cert.org/vuls/id/923236 http://www.osvdb.org/26432 http://www.securityfocus.com/bid/18394 http://www.us-cert.gov/cas/techalerts/TA06-164A.html http://www.vupen.com/english/advisories/2006/2320 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-022 https://exchange.xforce.ibmcloud.com/vulnera •
CVSS: 9.3EPSS: 86%CPEs: 11EXPL: 0CVE-2006-1303
https://notcve.org/view.php?id=CVE-2006-1303
Multiple unspecified vulnerabilities in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allow remote attackers to execute arbitrary code by instantiating certain COM objects from Wmm2fxa.dll as ActiveX controls including (1) DXImageTransform.Microsoft.MMSpecialEffect1Input, (2) DXImageTransform.Microsoft.MMSpecialEffect1Input.1, (3) DXImageTransform.Microsoft.MMSpecialEffect2Inputs, (4) DXImageTransform.Microsoft.MMSpecialEffect2Inputs.1, (5) DXImageTransform.Microsoft.MMSpecialEffectInplace1Input, and (6) DXImageTransform.Microsoft.MMSpecialEffectInplace1Input.1, which causes memory corruption during garbage collection. • http://secunia.com/advisories/20595 http://securitytracker.com/id?1016291 http://www.kb.cert.org/vuls/id/959049 http://www.osvdb.org/26442 http://www.securityfocus.com/archive/1/437041/100/0/threaded http://www.securityfocus.com/bid/18328 http://www.vupen.com/english/advisories/2006/2319 http://www.zerodayinitiative.com/advisories/ZDI-06-018.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021 https://exchange.xforce.ibmcloud.com/vulnerabiliti • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.3EPSS: 12%CPEs: 2EXPL: 0CVE-2006-2384
https://notcve.org/view.php?id=CVE-2006-2384
Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to conduct spoofing and phishing attacks by using a modal browser window in a way that preserves the original address bar and trusted UI of a trusted site, even after the browser has been navigated to a malicious site, aka the "Address Bar Spoofing Vulnerability." • http://secunia.com/advisories/20595 http://securitytracker.com/id?1016291 http://www.osvdb.org/26445 http://www.securityfocus.com/bid/18321 http://www.vupen.com/english/advisories/2006/2319 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021 https://exchange.xforce.ibmcloud.com/vulnerabilities/26777 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1478 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •