Page 16 of 219 results (0.007 seconds)

CVSS: 10.0EPSS: 1%CPEs: 4EXPL: 0

Unspecified vulnerability in the FTP implementation in Microsoft Internet Explorer allows remote attackers to "see a valid memory address" via unspecified vectors, a different issue than CVE-2007-0217. Vulnerabilidad sin especificar en la implementación del FTP del Microsoft Internet Explorer permite a atacantes remotos "ver una dirección de memoria válida" a través de vectores sin especificar, vulnerabilidad diferente a la CVE-2007-0217. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=473 http://osvdb.org/36398 •

CVSS: 9.3EPSS: 83%CPEs: 19EXPL: 0

Microsoft Internet Explorer 5.01 and 6 allows remote attackers to execute arbitrary code by instantiating certain COM objects from Urlmon.dll, which triggers memory corruption during a call to the IObjectSafety function. Microsoft Internet Explorer versiones 5.01 y 6 permite a los atacantes remotos ejecutar código arbitrario mediante peticiones de determinados objetos COM desde la biblioteca Urlmon.dll, lo que desencadena corrupción de memoria durante una llamada a la función IObjectSafety. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=542 http://osvdb.org/35348 http://secunia.com/advisories/25627 http://securitytracker.com/id?1018235 http://www.securityfocus.com/archive/1/471947/100/0/threaded http://www.securityfocus.com/bid/24372 http://www.us-cert.gov/cas/techalerts/TA07-163A.html http://www.vupen.com/english/advisories/2007/2153 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033 https://exchange.xforce.ib • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.3EPSS: 96%CPEs: 19EXPL: 3

Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2) ActiveVoice (Xvoice.dll) speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary code via a crafted ActiveX object that triggers memory corruption, as demonstrated via the ModeName parameter to the FindEngine function in ACTIVEVOICEPROJECTLib.DirectSS. Múltiples desbordamientos de búfer en los controles de voz (1) ActiveListen (en la biblioteca Xlisten.dll) y (2) ActiveVoice (en la biblioteca Xvoice.dll), tal como son utilizados por Microsoft Internet Explorer en las versiones 5.01, 6 y 7, permiten a los atacantes remotos ejecutar código arbitrario por medio de un Objeto ActiveX que activa la corrupción de la memoria, como se demuestra por medio del parámetro ModeName a la función FindEngine en ACTIVEVOICEPROJECTLib.DirectSS. • https://www.exploit-db.com/exploits/4065 https://www.exploit-db.com/exploits/4066 http://osvdb.org/35353 http://retrogod.altervista.org/win_speech_2k_sp4.html http://retrogod.altervista.org/win_speech_xp_sp2.html http://secunia.com/advisories/25627 http://securitytracker.com/id?1018235 http://www.exploit-db.com/exploits/4065 http://www.kb.cert.org/vuls/id/507433 http://www.securityfocus.com/archive/1/471947/100/0/threaded http://www.securityfocus.com/bid/2442 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 80%CPEs: 19EXPL: 0

Unspecified vulnerability in Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code via a crafted Cascading Style Sheets (CSS) tag that triggers memory corruption. Vulnerabilidad no especificada en Microsoft Internet Explorer 6 permite a atacantes remotos ejecutar código de su elección mediante una etiqueta de Hoja de Estilo en Cascada (CSS) que dispara una corrupción de memoria. • http://osvdb.org/35349 http://secunia.com/advisories/25627 http://securitytracker.com/id?1018235 http://www.securityfocus.com/archive/1/471947/100/0/threaded http://www.securityfocus.com/bid/24423 http://www.us-cert.gov/cas/techalerts/TA07-163A.html http://www.vupen.com/english/advisories/2007/2153 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033 https://exchange.xforce.ibmcloud.com/vulnerabilities/34619 https://oval.cisecurity.org/repository/sear •

CVSS: 9.3EPSS: 81%CPEs: 19EXPL: 0

Race condition in Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to install multiple language packs in a way that triggers memory corruption, aka "Language Pack Installation Vulnerability." Condición de carrera en Microsoft Internet Explorer 5.01, 6, y 7 permite a atacantes remotos ejecutar código de su elección provocando que Internet Explorer instale múltiples paquetes de idioma en un modo que dispara una corrupción de memoria, también conocida como "Vulnerabilidad de Instalación de Paquetes de Idioma". This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in routines responsible for the on-demand installation of Internet Explorer language packs. A race condition may occur when a web page contains several pieces of content written in a language not currently supported by any of the installed language packs. • http://osvdb.org/35350 http://secunia.com/advisories/25627 http://securitytracker.com/id?1018235 http://www.securityfocus.com/archive/1/471209/100/0/threaded http://www.securityfocus.com/archive/1/471947/100/0/threaded http://www.securityfocus.com/bid/24429 http://www.us-cert.gov/cas/techalerts/TA07-163A.html http://www.vupen.com/english/advisories/2007/2153 http://www.zerodayinitiative.com/advisories/ZDI-07-037.html https://docs.microsoft.com/en-us/security-updates/ •