Page 13 of 219 results (0.010 seconds)

CVSS: 9.3EPSS: 85%CPEs: 16EXPL: 0

The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft Internet Explorer 5.01 SP4 and 6 SP1, in Windows XP SP2, Server 2003 SP1 and SP2, Vista SP1, and Server 2008, allows remote attackers to execute arbitrary code via malformed arguments, which triggers memory corruption. El HxTocCtrl ActiveX control (hxvz.dll), usado en Microsoft Internet Explorer 5.01 SP4 y 6 SP1, en Windows XP SP2, Server 2003 SP1 y SP2, Vista SP1 y Server 2008, permite a atacantes remotos ejecutar código de su elección a través de argumentos mal formados, lo que dispara una corrupción de memoria. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=680 http://marc.info/?l=bugtraq&m=120845064910729&w=2 http://secunia.com/advisories/29714 http://www.securityfocus.com/bid/28606 http://www.securitytracker.com/id?1019800 http://www.us-cert.gov/cas/techalerts/TA08-099A.html http://www.vupen.com/english/advisories/2008/1147/references https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-023 https://exchange.xforce.ibmcloud.com/vulnerabilities/4 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.1EPSS: 95%CPEs: 27EXPL: 0

The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 5.01, 6, and 7 does not block dangerous HTTP request headers when certain 8-bit character sequences are appended to a header name, which allows remote attackers to (1) conduct HTTP request splitting and HTTP request smuggling attacks via an incorrect Content-Length header, (2) access arbitrary virtual hosts via a modified Host header, (3) bypass referrer restrictions via an incorrect Referer header, and (4) bypass the same-origin policy and obtain sensitive information via a crafted request header. El método setRequestHeader del objeto XMLHttpRequest en Microsoft Internet Explorer versiones 5.01, 6 y 7 no bloquea los encabezados de petición HTTP peligrosos cuando ciertas secuencias de caracteres de 8 bits se anexan a un nombre de encabezado, lo que permite a los atacantes remotos (1) dirigir la división de peticiones HTTP y los ataques de contrabando de peticiones HTTP por medio de un encabezado de contenido largo inapropiado, (2) acceden a hosts virtuales arbitrarios por medio de un encabezado de host modificado, (3) omisión de las restricciones de referencia por medio de un encabezado Referer inapropiado y (4) omisión de la póliza mismo origen y conseguir información confidencial por medio de un encabezado de petición creado. • http://marc.info/?l=bugtraq&m=121380194923597&w=2 http://secunia.com/advisories/29453 http://securityreason.com/securityalert/3785 http://www.mindedsecurity.com/MSA02240108.html http://www.securityfocus.com/archive/1/489954/100/0/threaded http://www.securityfocus.com/bid/28379 http://www.securitytracker.com/id?1020226 http://www.us-cert.gov/cas/techalerts/TA08-162B.html http://www.vupen.com/english/advisories/2008/0980 http://www.vupen.com/english/advisories/2008/1778 https • CWE-20: Improper Input Validation •

CVSS: 4.3EPSS: 20%CPEs: 2EXPL: 1

CRLF injection vulnerability in Microsoft Internet Explorer 5 and 6 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded CRLF (%0D%0A) before the FTP command, which causes the commands to be inserted into an authenticated FTP connection established earlier in the same browser session, as demonstrated using a DELE command, a variant or possibly a regression of CVE-2004-1166. NOTE: a trailing "//" can force Internet Explorer to try to reuse an existing authenticated connection. Vulnerabilidad de inyección CRLF en Microsoft Internet Explorer 5 y 6 permite a atacantes remotos ejecutar comandos FTP de su elección a través de una URL ftp:// codificada con los caracteres (%0D%0A) previa al comando FTP, que causa que los comandos sean insertados en una conexión FTP autenticada establecida previamente en la misma sesión de navegación, como se ha demostrado usando el comando DELE, una variante o posible regresión de la CVE-2004-1166. NOTA: un resto como"//" puede forzar que Internet Explorer intente reutilizar una conexión autenticada existente. • http://secunia.com/advisories/29346 http://securityreason.com/securityalert/3750 http://www.rapid7.com/advisories/R7-0032.jsp http://www.securityfocus.com/archive/1/489500/100/0/threaded http://www.securityfocus.com/bid/28208 http://www.vupen.com/english/advisories/2008/0870 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 6.8EPSS: 70%CPEs: 30EXPL: 0

Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via "unexpected method calls to HTML objects," aka "DHTML Object Memory Corruption Vulnerability." Microsoft Internet Explorer 5.01 hasta la 7 permite a atacantes remotos ejecutar código de su elección a través de "llamadas a métodos no esperados de objetos HTML", también conocido como "Vulnerabilidad de corrupción de objeto de memoria DHTML". • http://secunia.com/advisories/28036 http://securitytracker.com/id?1019078 http://www.securityfocus.com/archive/1/485268/100/0/threaded http://www.securityfocus.com/bid/26427 http://www.us-cert.gov/cas/techalerts/TA07-345A.html http://www.vupen.com/english/advisories/2007/4184 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-069 https://exchange.xforce.ibmcloud.com/vulnerabilities/38716 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre&# • CWE-399: Resource Management Errors •

CVSS: 6.8EPSS: 85%CPEs: 30EXPL: 0

Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via a crafted website using Javascript that creates, modifies, deletes, and accesses document objects using the tags property, which triggers heap corruption, related to uninitialized or deleted objects, a different issue than CVE-2007-3902 and CVE-2007-3903, and a variant of "Uninitialized Memory Corruption Vulnerability." Microsoft Internet Explorer versiones 5.01 hasta 7, permite a los atacantes remotos ejecutar código arbitrario por medio de un sitio web diseñado usando Javascript que crea, modifica, elimina y accede a objetos de documento utilizando la propiedad tags, que desencadena una corrupción de pila, relacionada con objetos no inicializados o eliminados, un problema diferente de CVE-2007-3902 y CVE-2007-3903, y una variante de "Uninitialized Memory Corruption Vulnerability". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the handling of document objects that have been created, modified, deleted then accessed by JavaScript. By storing references to document nodes, then removing them by a separate reference, the document model in memory becomes unstable. • http://secunia.com/advisories/28036 http://securitytracker.com/id?1019078 http://www.securityfocus.com/archive/1/484890/100/100/threaded http://www.securityfocus.com/archive/1/485268/100/0/threaded http://www.securityfocus.com/bid/26817 http://www.us-cert.gov/cas/techalerts/TA07-345A.html http://www.vupen.com/english/advisories/2007/4184 http://www.zerodayinitiative.com/advisories/ZDI-07-075.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-069&# • CWE-94: Improper Control of Generation of Code ('Code Injection') •