CVSS: 9.3EPSS: 97%CPEs: 3EXPL: 7CVE-2006-3730 – Microsoft Internet Explorer - WebViewFolderIcon setSlice()
https://notcve.org/view.php?id=CVE-2006-3730
Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a 0x7fffffff argument to the setSlice method on a WebViewFolderIcon ActiveX object, which leads to an invalid memory copy. Desbordamiento de entero en Microsoft Internet Explorer 6 sobre Windows XP SP2 permite a atacantes remotos provocar denegación de servicio (caida) y ejecutar código de su elección a través deun argumento 0x7fffffff en el método setSlice sobre un objeto ActiveX WebViewFolderIcon, el cual dará lugar a una copia de memoria no válida. • https://www.exploit-db.com/exploits/2458 https://www.exploit-db.com/exploits/2460 https://www.exploit-db.com/exploits/2448 https://www.exploit-db.com/exploits/2440 https://www.exploit-db.com/exploits/16564 http://browserfun.blogspot.com/2006/07/mobb-18-webviewfoldericon-setslice.html http://isc.sans.org/diary.php?storyid=1742 http://riosec.com/msie-setslice-vuln http://secunia.com/advisories/22159 http://securitytracker.com/id?1016941 http://www.kb.cert.org/vuls/ • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.0EPSS: 11%CPEs: 2EXPL: 0CVE-2006-3657
https://notcve.org/view.php?id=CVE-2006-3657
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (stack overflow exception) via a DXImageTransform.Microsoft.Gradient ActiveX object with a long (1) StartColorStr or (2) EndColorStr property. Microsoft Internet Explorer 6 permite a atacantes remotos provocar una denegación de servicio (excepción de desbordamiento de pila) a través del objeto de ActiveX DXImageTransform.Microsoft.Gradient con una propiedad larga (1) StartColorStr o (2) EndColorStr. • http://browserfun.blogspot.com/2006/07/mobb-17-dximagetransformmicrosoftgradi.html http://www.osvdb.org/27109 http://www.securityfocus.com/bid/19029 http://www.vupen.com/english/advisories/2006/2832 https://exchange.xforce.ibmcloud.com/vulnerabilities/27762 •
CVSS: 5.0EPSS: 1%CPEs: 2EXPL: 1CVE-2006-3658
https://notcve.org/view.php?id=CVE-2006-3658
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by accessing the object references of a FolderItem ActiveX object, which triggers a null dereference in the security check. Microsoft Internet Explorer 6 permite a atacantes remotos provocar denegación de servicio (caida) a través del acceso a referencia a objeto de un objeto Active X FolderItem, el cual dispara un referencia null en la validación de seguridad. • http://browserfun.blogspot.com/2006/07/mobb-15-folderitem-access.html http://www.osvdb.org/27059 http://www.vupen.com/english/advisories/2006/2814 https://exchange.xforce.ibmcloud.com/vulnerabilities/27760 •
CVSS: 5.0EPSS: 11%CPEs: 2EXPL: 0CVE-2006-3659
https://notcve.org/view.php?id=CVE-2006-3659
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the location or URL property of a MHTMLFile ActiveX object. Microsoft Internet Explorer 6 Microsoft Internet Explorer 6 permite a atacantes remotos provocar una denegación de servicio (caída) estableciendo la propiedad location o URL del objeto ActiveX MHTMLFile. • http://browserfun.blogspot.com/2006/07/mobb-16-mhtmlfile-location.html http://www.osvdb.org/27108 http://www.securityfocus.com/bid/19013 http://www.vupen.com/english/advisories/2006/2831 https://exchange.xforce.ibmcloud.com/vulnerabilities/27761 •
CVSS: 5.0EPSS: 88%CPEs: 9EXPL: 3CVE-2006-3513 – Microsoft Internet Explorer 6 - DirectAnimation.DAUserData Denial of Service
https://notcve.org/view.php?id=CVE-2006-3513
danim.dll in Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) by accessing the Data property of a DirectAnimation DAUserData object before it is initialized, which triggers a NULL pointer dereference. danim.dll de Microsoft Internet Explorer 6 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) por acceder a los datos de propiedad de un objeto DirectAnimation DAUserData antes de que sea inicializado, lo cual dispara un puntero a referencia NULL. • https://www.exploit-db.com/exploits/28196 http://browserfun.blogspot.com/2006/07/mobb-9-directanimationdauserdata-data.html http://www.osvdb.org/27013 http://www.securityfocus.com/bid/18902 http://www.vupen.com/english/advisories/2006/2719 https://exchange.xforce.ibmcloud.com/vulnerabilities/27622 •