Page 17 of 82 results (0.009 seconds)

CVSS: 9.3EPSS: 94%CPEs: 46EXPL: 0

CVE-2009-1529 – Microsoft Internet Explorer setCapture Memory Corruption Vulnerability

https://notcve.org/view.php?id=CVE-2009-1529

Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by calling the setCapture method on a collection of crafted objects, aka "Uninitialized Memory Corruption Vulnerability." Microsoft Internet Explorer 7 para Windows XP SP2 y SP3; 7 para Server 2003 SP2; 7 para Vista Gold, SP1 y SP2; y 7 para Server 2008 SP2, no maneja apropiadamente los objetos en la memoria, lo que permite a los atacantes remotos ejecutar código arbitrario llamando al método setCapture en una colección de objetos creados, también se conoce como "Uninitialized Memory Corruption Vulnerability". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific vulnerability exists when calling the setCapture method on a range of objects. When setCapture is called on a collection of specially crafted objects memory becomes corrupted. • http://osvdb.org/54948 http://www.securityfocus.com/archive/1/504205/100/0/threaded http://www.securityfocus.com/bid/35223 http://www.securitytracker.com/id?1022350 http://www.us-cert.gov/cas/techalerts/TA09-160A.html http://www.vupen.com/english/advisories/2009/1538 http://www.zerodayinitiative.com/advisories/ZDI-09-036 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-019 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval • CWE-399: Resource Management Errors •

CVSS: 7.1EPSS: 96%CPEs: 24EXPL: 0

CVE-2007-3091

https://notcve.org/view.php?id=CVE-2007-3091

Race condition in Microsoft Internet Explorer 6 SP1; 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code or perform other actions upon a page transition, with the permissions of the old page and the content of the new page, as demonstrated by setInterval functions that set location.href within a try/catch expression, aka the "bait & switch vulnerability" or "Race Condition Cross-Domain Information Disclosure Vulnerability." Una condición de carrera en Microsoft Internet Explorer versión 6 SP1; versiones 6 y 7 para Windows XP SP2 y SP3; versiones 6 y versión 7 para Server 2003 SP2; versión 7 para Vista Gold, SP1 y SP2; y versión 7 para Server 2008 SP2 permite a los atacantes remotos ejecutar código arbitrario o realizar otras acciones en una transición de página, con los permisos de la página antigua y el contenido de la página nueva, como es demostrado por las funciones setInterval que configuran el archivo location.href dentro de una expresión try/catch, también se conoce como "bait & switch vulnerability" o "Race Condition Cross-Domain Information Disclosure Vulnerability." • http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0026.html http://lcamtuf.coredump.cx/ierace http://osvdb.org/38497 http://osvdb.org/54944 http://secunia.com/advisories/25564 http://securityreason.com/securityalert/2781 http://securitytracker.com/id?1018192 http://www.kb.cert.org/vuls/id/471361 http://www.securityfocus.com/archive/1/470446/100/0/threaded http://www.securityfocus.com/bid/24283 http://www.us-cert.gov/cas/techalerts/TA09-160A.html http:/ • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •