Page 19 of 135 results (0.005 seconds)

CVSS: 7.5EPSS: 96%CPEs: 16EXPL: 3

CVE-2004-0842 – Microsoft Internet Explorer 5.0.1 - Style Tag Comment Memory Corruption

https://notcve.org/view.php?id=CVE-2004-0842

Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability." Internet Explorer 6.1 SP1 y anteriores, y posiblemente otras versiones, permiten a atacantes remotos causar una denegación de servicio (caída de aplicación por "corrupción de memoria") mediante ciertos elementos de Hoja de Estilos en Cascada (CSS), como se ha demostrado usanto la cadena "<STYLE>@;/*", posiblemente debido a un terminador de comentario ausente que puede causar una longitud inválida que dispare una operación de copia de memoria grande. • https://www.exploit-db.com/exploits/24328 http://marc.info/?l=bugtraq&m=109107496214572&w=2 http://marc.info/?l=full-disclosure&m=109060455614702&w=2 http://marc.info/?l=full-disclosure&m=109102919426844&w=2 http://secunia.com/advisories/12806 http://www.ciac.org/ciac/bulletins/p-006.shtml http://www.ecqurity.com/adv/IEstyle.html http://www.kb.cert.org/vuls/id/291304 http://www.securiteam.com/exploits/5NP042KF5A.html http://www.securityfocus.com/bid/10816&# •

CVSS: 5.0EPSS: 96%CPEs: 16EXPL: 3

CVE-2004-0841 – Microsoft Internet Explorer 5.0.1 - Popup.show Mouse Event Hijacking

https://notcve.org/view.php?id=CVE-2004-0841

Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability." Internet Explorer 6.x permite a atacantes remotos instalar programas de su elección mediante eventos mousedown que llaman al método Popup.show y usan acciones "arrastrar y soltar" en una ventana emergente, también conocida como "HijackClick 3" y la "Vulnerabilidad de descarga de fichero con scritp en etiqueta de imagen" • https://www.exploit-db.com/exploits/24266 http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0498.html http://secunia.com/advisories/12048 http://securitytracker.com/id?1010679 http://www.kb.cert.org/vuls/id/413886 http://www.osvdb.org/7774 http://www.securityfocus.com/archive/1/368652 http://www.securityfocus.com/archive/1/368666 http://www.securityfocus.com/bid/10690 http://www.us-cert.gov/cas/techalerts/TA04-293A.html https://docs.microsoft.com/en- •

CVSS: 5.0EPSS: 89%CPEs: 46EXPL: 1

CVE-2004-0839

https://notcve.org/view.php?id=CVE-2004-0839

Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html". • http://marc.info/?l=bugtraq&m=109303291513335&w=2 http://marc.info/?l=bugtraq&m=109336221826652&w=2 http://seclists.org/lists/fulldisclosure/2004/Aug/0868.html http://www.kb.cert.org/vuls/id/526089 http://www.securityfocus.com/bid/10973 http://www.us-cert.gov/cas/techalerts/TA04-293A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038 https://exchange.xforce.ibmcloud.com/vulnerabilities/17044 https://oval.cisecurity.org/repository/search&# •

CVSS: 7.5EPSS: 94%CPEs: 10EXPL: 0

CVE-2004-0719

https://notcve.org/view.php?id=CVE-2004-0719

Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows XP, and possibly other versions, does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability. Internet Explorer para Mac 5.2.3, Internet Explorer 6 en Windows XP, u posiblemente otras versiones, no previenen adecuadamente que un marco de un dominio inyecte contenido en un marco que pertenece a otro dominio, lo que facilita la suplantación de sitios web y otros ataques. Vulnerabilidad también conocida como "de inyección de marco". • http://secunia.com/advisories/11966 http://secunia.com/advisories/11978 http://secunia.com/multiple_browsers_frame_injection_vulnerability_test https://exchange.xforce.ibmcloud.com/vulnerabilities/1598 •

CVSS: 10.0EPSS: 86%CPEs: 18EXPL: 2

CVE-2004-0212 – Microsoft Windows Task Scheduler (XP/2000) - '.job' (MS04-022)

https://notcve.org/view.php?id=CVE-2004-0212

Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonymous share. Vulnerabilidad basada en la pila en el Programador de Tareas de Windows 2000 y XP, e Internet Explorer 6 en Windows NT 4.0 permite a atacantes remotos o locales ejecutar código de su elección mediante un fichero .job conteniendo parámetros grandes, como se ha demostrado utlizando Internet Explorer y accediendo a un fichero .job en una carpeta de red compartida anónimamente. • https://www.exploit-db.com/exploits/353 https://www.exploit-db.com/exploits/368 http://marc.info/?l=bugtraq&m=108981273009250&w=2 http://marc.info/?l=bugtraq&m=108981403025596&w=2 http://secunia.com/advisories/12060 http://www.kb.cert.org/vuls/id/228028 http://www.ngssoftware.com/advisories/mstaskjob.txt http://www.us-cert.gov/cas/techalerts/TA04-196A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-022 https://exchange.xforce •