CVSS: 10.0EPSS: 1%CPEs: 4EXPL: 0CVE-2007-3341
https://notcve.org/view.php?id=CVE-2007-3341
Unspecified vulnerability in the FTP implementation in Microsoft Internet Explorer allows remote attackers to "see a valid memory address" via unspecified vectors, a different issue than CVE-2007-0217. Vulnerabilidad sin especificar en la implementación del FTP del Microsoft Internet Explorer permite a atacantes remotos "ver una dirección de memoria válida" a través de vectores sin especificar, vulnerabilidad diferente a la CVE-2007-0217. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=473 http://osvdb.org/36398 •
CVSS: 9.3EPSS: 83%CPEs: 19EXPL: 0CVE-2007-0218
https://notcve.org/view.php?id=CVE-2007-0218
Microsoft Internet Explorer 5.01 and 6 allows remote attackers to execute arbitrary code by instantiating certain COM objects from Urlmon.dll, which triggers memory corruption during a call to the IObjectSafety function. Microsoft Internet Explorer versiones 5.01 y 6 permite a los atacantes remotos ejecutar código arbitrario mediante peticiones de determinados objetos COM desde la biblioteca Urlmon.dll, lo que desencadena corrupción de memoria durante una llamada a la función IObjectSafety. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=542 http://osvdb.org/35348 http://secunia.com/advisories/25627 http://securitytracker.com/id?1018235 http://www.securityfocus.com/archive/1/471947/100/0/threaded http://www.securityfocus.com/bid/24372 http://www.us-cert.gov/cas/techalerts/TA07-163A.html http://www.vupen.com/english/advisories/2007/2153 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033 https://exchange.xforce.ib • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 80%CPEs: 19EXPL: 0CVE-2007-1750
https://notcve.org/view.php?id=CVE-2007-1750
Unspecified vulnerability in Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code via a crafted Cascading Style Sheets (CSS) tag that triggers memory corruption. Vulnerabilidad no especificada en Microsoft Internet Explorer 6 permite a atacantes remotos ejecutar código de su elección mediante una etiqueta de Hoja de Estilo en Cascada (CSS) que dispara una corrupción de memoria. • http://osvdb.org/35349 http://secunia.com/advisories/25627 http://securitytracker.com/id?1018235 http://www.securityfocus.com/archive/1/471947/100/0/threaded http://www.securityfocus.com/bid/24423 http://www.us-cert.gov/cas/techalerts/TA07-163A.html http://www.vupen.com/english/advisories/2007/2153 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033 https://exchange.xforce.ibmcloud.com/vulnerabilities/34619 https://oval.cisecurity.org/repository/sear •
CVSS: 9.3EPSS: 96%CPEs: 19EXPL: 3CVE-2007-2222 – Microsoft Speech API ActiveX Control (Windows 2000 SP4) - Remote Buffer Overflow (MS07-033)
https://notcve.org/view.php?id=CVE-2007-2222
Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2) ActiveVoice (Xvoice.dll) speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary code via a crafted ActiveX object that triggers memory corruption, as demonstrated via the ModeName parameter to the FindEngine function in ACTIVEVOICEPROJECTLib.DirectSS. Múltiples desbordamientos de búfer en los controles de voz (1) ActiveListen (en la biblioteca Xlisten.dll) y (2) ActiveVoice (en la biblioteca Xvoice.dll), tal como son utilizados por Microsoft Internet Explorer en las versiones 5.01, 6 y 7, permiten a los atacantes remotos ejecutar código arbitrario por medio de un Objeto ActiveX que activa la corrupción de la memoria, como se demuestra por medio del parámetro ModeName a la función FindEngine en ACTIVEVOICEPROJECTLib.DirectSS. • https://www.exploit-db.com/exploits/4065 https://www.exploit-db.com/exploits/4066 http://osvdb.org/35353 http://retrogod.altervista.org/win_speech_2k_sp4.html http://retrogod.altervista.org/win_speech_xp_sp2.html http://secunia.com/advisories/25627 http://securitytracker.com/id?1018235 http://www.exploit-db.com/exploits/4065 http://www.kb.cert.org/vuls/id/507433 http://www.securityfocus.com/archive/1/471947/100/0/threaded http://www.securityfocus.com/bid/2442 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 96%CPEs: 9EXPL: 0CVE-2007-1751 – Microsoft Internet Explorer Prototype Dereference Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2007-1751
Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to access an uninitialized or deleted object, related to prototype variables and table cells, aka "Uninitialized Memory Corruption Vulnerability." Microsoft Internet Explorer versiones 5.01, 6 y 7 permite a los atacantes remotos ejecutar código arbitrario causando que Internet Explorer acceda a un objeto no inicializado o eliminado, relacionado con variables prototipo y celdas de tabla, también se conoce como "Uninitialized Memory Corruption Vulnerability". This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The flaw is specifically exposed when a prototype variable points to a table cell and then that table cell is removed. This results in an invalid pointer dereference which can be leveraged to result in arbitrary code execution. • http://osvdb.org/35351 http://secunia.com/advisories/25627 http://securitytracker.com/id?1018235 http://www.securityfocus.com/archive/1/471210/100/0/threaded http://www.securityfocus.com/archive/1/471947/100/0/threaded http://www.securityfocus.com/bid/24418 http://www.us-cert.gov/cas/techalerts/TA07-163A.html http://www.vupen.com/english/advisories/2007/2153 http://www.zerodayinitiative.com/advisories/ZDI-07-038.html https://docs.microsoft.com/en-us/security-updates/ • CWE-908: Use of Uninitialized Resource •