Page 166 of 1318 results (0.014 seconds)

CVSS: 4.3EPSS: 2%CPEs: 3EXPL: 2

mshtml.dll in Microsoft Internet Explorer 7 and 8 on Windows XP SP3 allows remote attackers to cause a denial of service (application crash) by calling the JavaScript findText method with a crafted Unicode string in the first argument, and only one additional argument, as demonstrated by a second argument of -1. mshtml.dll en Microsoft Internet Explorer v7 y v8 en Windows XP SP3 permite a atacantes remotos provocar una denegación de servicio (finalización de la aplicación) al llamar el método "findText" de código JavaScript con una cadena Unicode modificada en el primer argumento, y sólo un argumento adicional, como se ha comprobado con un segundo argumento con valor -1. • https://www.exploit-db.com/exploits/9253 http://www.exploit-db.com/exploits/9253 http://www.securityfocus.com/bid/35799 https://exchange.xforce.ibmcloud.com/vulnerabilities/52249 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12700 • CWE-20: Improper Input Validation •

CVSS: 9.3EPSS: 86%CPEs: 31EXPL: 0

Microsoft Internet Explorer 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle attempts to access deleted objects in memory, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Memory Corruption Vulnerability." Microsoft Internet Explorer v6 SP1; Internet Explorer 6 para Windows XP SP2 y SP3 y Server 2003 SP2; e Internet Explorer 7 y 8 for Windows XP SP2 y SP3, Server 2003 SP2, Vista Gold, SP1, y SP2, y Server 2008 Gold y SP2, no maneja adecuadamente los intentos de acceso a objetos eliminados de la memoria, lo que permite a atacantes remotos la ejecución de código de su elección a través de un documento HTML manipulado que provoca una corrupción de memoria. También conocida como "Vulnerabilidad de corrupción de Memoria en objetos HTML". • http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=953693 http://www.securityfocus.com/bid/35831 http://www.securitytracker.com/id?1022611 http://www.us-cert.gov/cas/techalerts/TA09-195A.html http://www.vupen.com/english/advisories/2009/2033 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-034 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6072 • CWE-399: Resource Management Errors •

CVSS: 10.0EPSS: 95%CPEs: 31EXPL: 0

Microsoft Internet Explorer 5.01 SP4 and 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle table operations, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption by adding malformed elements to an empty DIV element, related to the getElementsByTagName method, aka "HTML Objects Memory Corruption Vulnerability." Microsoft Internet Explorer v5.01 SP4 y v6 SP1; Internet Explorer 6 para Windows XP SP2 y SP3 y Server 2003 SP2; e Internet Explorer 7 y 8 for Windows XP SP2 y SP3, Server 2003 SP2, Vista Gold, SP1, y SP2, y Server 2008 Gold y SP2, no maneja adecuadamente las operaciones con tablas, lo que permite a atacantes remotos la ejecución de código de su elección a través de un documento HTML manipulado que provoca una corrupción de memoria. También conocida como "Vulnerabilidad de corrupción de Memoria en objetos HTML". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the appending of elements to an invalid object. • http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=953693 http://www.securityfocus.com/archive/1/505523/100/0/threaded http://www.securityfocus.com/bid/35826 http://www.securitytracker.com/id?1022611 http://www.us-cert.gov/cas/techalerts/TA09-195A.html http://www.vupen.com/english/advisories/2009/2033 http://www.zerodayinitiative.com/advisories/ZDI-09-047 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-034 https://oval.cisecurity.org/repositor • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.3EPSS: 74%CPEs: 31EXPL: 0

Microsoft Internet Explorer 5.01 SP4 and 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle attempts to access deleted objects in memory, which allows remote attackers to execute arbitrary code via an HTML document containing embedded style sheets that modify unspecified rule properties that cause the behavior element to be "improperly processed," aka "Uninitialized Memory Corruption Vulnerability." Microsoft Internet Explorer v5.01 SP4 y v6 SP1; Internet Explorer 6 para Windows XP SP2 y SP3 y Server 2003 SP2; e Internet Explorer 7 y 8 for Windows XP SP2 y SP3, Server 2003 SP2, Vista Gold, SP1, y SP2, y Server 2008 Gold y SP2, no maneja adecuadamente los intentos para acceder a objetos eliminados en memoria, lo que permite a atacantes remotos la ejecución de código de su elección a través de un documento HTML manipulado que provoca una corrupción de memoria. También conocida como "Vulnerabilidad de corrupción de Memoria No Inicializada". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists when accessing embedded style sheets within an HTML file. • http://www.securityfocus.com/archive/1/505524/100/0/threaded http://www.securitytracker.com/id?1022611 http://www.us-cert.gov/cas/techalerts/TA09-195A.html http://www.vupen.com/english/advisories/2009/2033 http://www.zerodayinitiative.com/advisories/ZDI-09-048 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-034 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5660 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 5.0EPSS: 2%CPEs: 127EXPL: 1

Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479. NOTE: it was later reported that 7.0.6000.16473 and earlier are also affected. Microsoft Internet Explorer v6.0.2900.2180 y anteriores permite a atacantes remotos causar una denegación de servicio (consumo de memoria y CPU) a través de un argumento de cadena de caracteres Unicode larga para el método de escritura, siendo un asunto relacionado con CVE-2009-2479. • http://archives.neohapsis.com/archives/bugtraq/2009-07/0192.html http://archives.neohapsis.com/archives/bugtraq/2009-07/0193.html http://websecurity.com.ua/3338 http://www.securityfocus.com/archive/1/505092/100/0/threaded http://www.securityfocus.com/archive/1/505120/100/0/threaded http://www.securityfocus.com/archive/1/505122/100/0/threaded • CWE-399: Resource Management Errors •