NotCVE - vendor:"Microsoft" product:"Ie" version:"5.0

Page 2 of 23 results (0.066 seconds)

CVSS: 9.3EPSS: 84%CPEs: 30EXPL: 0

CVE-2007-3902 – Microsoft Internet Explorer setExpression Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2007-3902

Use-after-free vulnerability in the CRecalcProperty function in mshtml.dll in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code by calling the setExpression method and then modifying the outerHTML property of an HTML element, one variant of "Uninitialized Memory Corruption Vulnerability." Una vulnerabilidad de uso de memoria previamente liberada en la función CRecalcProperty en la biblioteca mshtml.dll en Microsoft Internet Explorer versiones 5.01 hasta 7, permite a atacantes remotos ejecutar código arbitrario mediante el llamado método setExpression y, a continuación, modificando la propiedad outerHTML de un elemento HTML, una variante de "Uninitialized Memory Corruption Vulnerability”. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the CRecalcProperty function in mshtml.dll. When rendering HTML after calling the setExpression methods, followed by a modification of the outerHTML property of a programatically created element. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=631 http://secunia.com/advisories/28036 http://securitytracker.com/id?1019078 http://www.securityfocus.com/archive/1/484887/100/0/threaded http://www.securityfocus.com/archive/1/485268/100/0/threaded http://www.securityfocus.com/bid/26506 http://www.us-cert.gov/cas/techalerts/TA07-345A.html http://www.vupen.com/english/advisories/2007/4184 http://www.zerodayinitiative.com/advisories/ZDI-07-073.html https:/&# • CWE-189: Numeric Errors CWE-399: Resource Management Errors •

CVSS: 4.3EPSS: 0%CPEs: 44EXPL: 1

CVE-2007-4848

https://notcve.org/view.php?id=CVE-2007-4848

Microsoft Internet Explorer 4.0 through 7 allows remote attackers to determine the existence of local files that have associated images via a res:// URI in the src property of a JavaScript Image object, as demonstrated by the URI for a bitmap image resource within a (1) .exe or (2) .dll file. Microsoft Internet Explorer 4.0 hasta 7 permite a atacantes remotos determinar la existencia de archivos locales que tienen imágenes asociadas mediante un URI res:// en la propiedad src de un objeto Image de JavaScript, como se ha demostrado con el URI de un recurso de imagen bitmap dentro de un archivo (1) .exe o (2) .dll. • http://osvdb.org/37638 http://xs-sniper.com/blog/2007/07/20/more-uri-stuff-ies-resouce-uri •

CVSS: 7.8EPSS: 65%CPEs: 10EXPL: 2

CVE-2007-0612 – Microsoft Internet Explorer 5.0.1 - Multiple ActiveX Controls Denial of Service Vulnerabilities

https://notcve.org/view.php?id=CVE-2007-0612

Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and Vista allows remote attackers to cause a denial of service (Internet Explorer crash) by accessing the bgColor, fgColor, linkColor, alinkColor, vlinkColor, or defaultCharset properties in the (1) giffile, (2) htmlfile, (3) jpegfile, (4) mhtmlfile, (5) ODCfile, (6) pjpegfile, (7) pngfile, (8) xbmfile, (9) xmlfile, (10) xslfile, or (11) wdfile objects in (a) mshtml.dll; or the (12) TriEditDocument.TriEditDocument or (13) TriEditDocument.TriEditDocument.1 objects in (b) triedit.dll, which cause a NULL pointer dereference. Múltiples controles de ActiveX en el Microsoft Windows 2000, XP, 2003 y Vista permiten a atacantes remotos provocar una denegación de servicio (caída del Internet Explorer) mediante el acceso a las propiedades bgColor, fgColor, linkColor, alinkColor, vlinkColor o defaultCharset en los objetos (1) giffile, (2) htmlfile, (3) jpegfile, (4) mhtmlfile, (5) ODCfile, (6) pjpegfile, (7) pngfile, (8) xbmfile, (9) xmlfile, (10) xslfile o (11) wdfile objects en (a) mshtml.dll; o en los objetos (12) TriEditDocument.TriEditDocument o (13) TriEditDocument.TriEditDocument.1 en (b) triedit.dll, lo que provoca una referencia a un puntero NULO (NULL). • https://www.exploit-db.com/exploits/29536 http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0547.html http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/052057.html http://osvdb.org/32628 http://securityreason.com/securityalert/2199 http://www.determina.com/security.research/vulnerabilities/activex-bgcolor.html http://www.securityfocus.com/archive/1/458443/100/0/threaded http://www.securityfocus.com/bid/22288 https://exchange.xforce.ibmcloud.com/vulnerabilities/31867 •

CVSS: 4.3EPSS: 5%CPEs: 1EXPL: 0

CVE-2006-5577

https://notcve.org/view.php?id=CVE-2006-5577

Microsoft Internet Explorer 6 and earlier allows remote attackers to obtain sensitive information via unspecified uses of the OBJECT HTML tag, which discloses the absolute path of the corresponding TIF folder, aka "TIF Folder Information Disclosure Vulnerability," and a different issue than CVE-2006-5578. Microsoft Internet Explorer 6 y versiones anteriores permite a atacantes remotos la obtención de información sensible a través de usos sin especificar de la etiqueta de HTML OBJECT, que revela la ruta absoluta de la carpeta TIF correspondiente, también conocido como "TIF Folder Information Disclosure Vulnerability" y es diferntes a la CVE-2006-5578. • http://secunia.com/advisories/23288 http://securitytracker.com/id?1017374 http://www.osvdb.org/30816 http://www.securityfocus.com/archive/1/454969/100/200/threaded http://www.securityfocus.com/bid/21507 http://www.us-cert.gov/cas/techalerts/TA06-346A.html http://www.vupen.com/english/advisories/2006/4966 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-072 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A313 •

CVSS: 2.6EPSS: 3%CPEs: 1EXPL: 0

CVE-2006-5578

https://notcve.org/view.php?id=CVE-2006-5578

Microsoft Internet Explorer 6 and earlier allows remote attackers to read Temporary Internet Files (TIF) and obtain sensitive information via unspecified vectors involving certain drag and drop operations, aka "TIF Folder Information Disclosure Vulnerability," and a different issue than CVE-2006-5577. Microsoft Internet Explorer 6 y versiones anteriores permite a atacantes remotos leer Ficheros Temporales de Internet (TIF) y obtener información sensible a través de vectores sin especificar mediante operaciones de "arrastrar y soltar", también conocido como "TIF Folder Information Disclosure Vulnerability" , es distinta a la CVE-2006-5577. • http://secunia.com/advisories/23288 http://securitytracker.com/id?1017374 http://www.kb.cert.org/vuls/id/694344 http://www.osvdb.org/30815 http://www.securityfocus.com/archive/1/454969/100/200/threaded http://www.securityfocus.com/bid/21494 http://www.us-cert.gov/cas/techalerts/TA06-346A.html http://www.vupen.com/english/advisories/2006/4966 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-072 https://oval.cisecurity.org/repository/search •

1 2 3 4 5