Page 16 of 292 results (0.007 seconds)

CVSS: 6.8EPSS: 80%CPEs: 2EXPL: 0

Unspecified vulnerability in Internet Explorer 5.01 and 6 SP1 allows remote attackers to execute arbitrary code via crafted Cascading Style Sheets (CSS) strings that trigger memory corruption during parsing, related to use of out-of-bounds pointers. Una vulnerabilidad no especificada en Internet Explorer versiones 5.01 y 6 SP1, permite a atacantes remotos ejecutar código arbitrario por medio de cadenas de Cascading Style Sheets (CSS) diseñadas que desencadenan una corrupción de memoria durante el análisis, relacionados con el uso de punteros fuera de límites. • http://secunia.com/advisories/26419 http://securitytracker.com/id?1018562 http://www.nsfocus.com/english/homepage/research/0701.htm http://www.osvdb.org/36397 http://www.securityfocus.com/bid/25288 http://www.us-cert.gov/cas/techalerts/TA07-226A.html http://www.vupen.com/english/advisories/2007/2869 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-045 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1673 •

CVSS: 9.3EPSS: 94%CPEs: 3EXPL: 1

The tblinf32.dll (aka vstlbinf.dll) ActiveX control for Internet Explorer 5.01, 6 SP1, and 7 uses an incorrect IObjectsafety implementation, which allows remote attackers to execute arbitrary code by requesting the HelpString property, involving a crafted DLL file argument to the TypeLibInfoFromFile function, which overwrites the HelpStringDll property to call the DLLGetDocumentation function in another DLL file, aka "ActiveX Object Vulnerability." El control ActiveX de la biblioteca tblinf32.dll (también conocida como vstlbinf.dll) para Internet Explorer versiones 5.01, 6 SP1 y 7 utiliza una implementación IObjectsafety inapropiada, que permite a los atacantes remotos ejecutar código arbitrario mediante peticiones a la propiedad HelpString, que involucra un argumento de archivo DLL elaborado para la función TypeLibInfoFromFile, que sobrescribe la propiedad HelpStringDll para llamar a la función DLLGetDocumentation en otro archivo DLL, también se conoce como "ActiveX Object Vulnerability." • https://www.exploit-db.com/exploits/30490 http://secunia.com/advisories/26419 http://securitytracker.com/id?1018562 http://www.osvdb.org/36396 http://www.securityfocus.com/archive/1/476742/100/0/threaded http://www.securityfocus.com/bid/25289 http://www.us-cert.gov/cas/techalerts/TA07-226A.html http://www.vupen.com/english/advisories/2007/2869 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-045 https://oval.cisecurity.org/repository/search/d • CWE-16: Configuration •

CVSS: 10.0EPSS: 1%CPEs: 4EXPL: 0

Unspecified vulnerability in the FTP implementation in Microsoft Internet Explorer allows remote attackers to "see a valid memory address" via unspecified vectors, a different issue than CVE-2007-0217. Vulnerabilidad sin especificar en la implementación del FTP del Microsoft Internet Explorer permite a atacantes remotos "ver una dirección de memoria válida" a través de vectores sin especificar, vulnerabilidad diferente a la CVE-2007-0217. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=473 http://osvdb.org/36398 •

CVSS: 9.3EPSS: 83%CPEs: 19EXPL: 0

Microsoft Internet Explorer 5.01 and 6 allows remote attackers to execute arbitrary code by instantiating certain COM objects from Urlmon.dll, which triggers memory corruption during a call to the IObjectSafety function. Microsoft Internet Explorer versiones 5.01 y 6 permite a los atacantes remotos ejecutar código arbitrario mediante peticiones de determinados objetos COM desde la biblioteca Urlmon.dll, lo que desencadena corrupción de memoria durante una llamada a la función IObjectSafety. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=542 http://osvdb.org/35348 http://secunia.com/advisories/25627 http://securitytracker.com/id?1018235 http://www.securityfocus.com/archive/1/471947/100/0/threaded http://www.securityfocus.com/bid/24372 http://www.us-cert.gov/cas/techalerts/TA07-163A.html http://www.vupen.com/english/advisories/2007/2153 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033 https://exchange.xforce.ib • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.3EPSS: 96%CPEs: 19EXPL: 3

Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2) ActiveVoice (Xvoice.dll) speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary code via a crafted ActiveX object that triggers memory corruption, as demonstrated via the ModeName parameter to the FindEngine function in ACTIVEVOICEPROJECTLib.DirectSS. Múltiples desbordamientos de búfer en los controles de voz (1) ActiveListen (en la biblioteca Xlisten.dll) y (2) ActiveVoice (en la biblioteca Xvoice.dll), tal como son utilizados por Microsoft Internet Explorer en las versiones 5.01, 6 y 7, permiten a los atacantes remotos ejecutar código arbitrario por medio de un Objeto ActiveX que activa la corrupción de la memoria, como se demuestra por medio del parámetro ModeName a la función FindEngine en ACTIVEVOICEPROJECTLib.DirectSS. • https://www.exploit-db.com/exploits/4065 https://www.exploit-db.com/exploits/4066 http://osvdb.org/35353 http://retrogod.altervista.org/win_speech_2k_sp4.html http://retrogod.altervista.org/win_speech_xp_sp2.html http://secunia.com/advisories/25627 http://securitytracker.com/id?1018235 http://www.exploit-db.com/exploits/4065 http://www.kb.cert.org/vuls/id/507433 http://www.securityfocus.com/archive/1/471947/100/0/threaded http://www.securityfocus.com/bid/2442 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •