
CVSS: 7.5 | EPSS: 95% | CPEs: 1 | EXPL: 0

Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions of the MS06-042 patch before 20060824, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL on a website that uses HTTP 1.1 compression.

• http://secunia.com/advisories/21557 http://securityreason.com/securityalert/1441 http://securitytracker.com/id?1016731 http://support.microsoft.com/kb/923762 http://www.kb.cert.org/vuls/id/821156 http://www.microsoft.com/technet/security/advisory/923762.mspx http://www.nsfocus.com/english/homepage/research/0608.htm http://www.osvdb.org/28132 http://www.securityfocus.com/archive/1/444046/100/0/threaded http://www.securityfocus.com/archive/1/444241/100/0/threaded http:/ •

CVSS: 5.0 | EPSS: 40% | CPEs: 1 | EXPL: 4

Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (crash) via a long Color attribute in multiple DirectX Media Image DirectX Transforms ActiveX COM Objects from (a) dxtmsft.dll and (b) dxtmsft3.dll, including (1) DXImageTransform.Microsoft.MaskFilter.1, (2) DXImageTransform.Microsoft.Chroma.1, and (3) DX3DTransform.Microsoft.Shapes.1.

• https://www.exploit-db.com/exploits/4251 https://www.exploit-db.com/exploits/28421 http://securityreason.com/securityalert/1439 http://www.osvdb.org/29524 http://www.osvdb.org/29525 http://www.securityfocus.com/archive/1/443907/100/0/threaded http://www.securityfocus.com/bid/19640 http://xsec.org/index.php?module=releases&act=view&type=1&id=17 https://exchange.xforce.ibmcloud.com/vulnerabilities/28516 • CWE-20: Improper Input Validation •

CVSS: 7.5 | EPSS: 94% | CPEs: 1 | EXPL: 3

The Terminal Services COM object (tsuserex.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by instantiating it as an ActiveX object in Internet Explorer 6.0 SP1 on Microsoft Windows 2003 EE SP1 CN.

• https://www.exploit-db.com/exploits/28400 http://securityreason.com/securityalert/1403 http://www.securityfocus.com/archive/1/443493/100/0/threaded http://www.securityfocus.com/bid/19570 http://www.xsec.org/index.php?module=Releases&act=view&type=1&id=14 https://exchange.xforce.ibmcloud.com/vulnerabilities/28444 •

CVSS: 7.5 | EPSS: 9% | CPEs: 3 | EXPL: 8

Microsoft Internet Explorer 6.0 SP1 and possibly other versions allows remote attackers to cause a denial of service and possibly execute arbitrary code by instantiating COM objects as ActiveX controls, including (1) imskdic.dll (Microsoft IME), (2) chtskdic.dll (Microsoft IME), and (3) msoe.dll (Outlook), which leads to memory corruption. NOTE: it is not certain whether the issue is in Internet Explorer or the individual DLL files.

• https://www.exploit-db.com/exploits/28387 https://www.exploit-db.com/exploits/28389 http://securityreason.com/securityalert/1402 http://www.osvdb.org/29345 http://www.osvdb.org/29346 http://www.osvdb.org/29347 http://www.securityfocus.com/archive/1/443290/100/0/threaded http://www.securityfocus.com/archive/1/443295/100/0/threaded http://www.securityfocus.com/archive/1/443299/100/0/threaded http://www.securityfocus.com/bid/19521 http://www.securityfocus.com/bid •

CVSS: 7.5 | EPSS: 68% | CPEs: 2 | EXPL: 0

Microsoft Internet Explorer 5.01 and 6 do not properly identify the originating domain zone when handling redirects, which allows remote attackers to read cross-domain web pages and possibly execute code via unspecified vectors involving a crafted web page, aka "Source Element Cross-Domain Vulnerability."

• http://secunia.com/advisories/21396 http://securitytracker.com/id?1016663 http://www.kb.cert.org/vuls/id/252764 http://www.osvdb.org/27851 http://www.securityfocus.com/bid/19400 http://www.us-cert.gov/cas/techalerts/TA06-220A.html http://www.vupen.com/english/advisories/2006/3212 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A577 •