CVSS: 9.3EPSS: 74%CPEs: 11EXPL: 0CVE-2006-1303
https://notcve.org/view.php?id=CVE-2006-1303
Multiple unspecified vulnerabilities in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allow remote attackers to execute arbitrary code by instantiating certain COM objects from Wmm2fxa.dll as ActiveX controls including (1) DXImageTransform.Microsoft.MMSpecialEffect1Input, (2) DXImageTransform.Microsoft.MMSpecialEffect1Input.1, (3) DXImageTransform.Microsoft.MMSpecialEffect2Inputs, (4) DXImageTransform.Microsoft.MMSpecialEffect2Inputs.1, (5) DXImageTransform.Microsoft.MMSpecialEffectInplace1Input, and (6) DXImageTransform.Microsoft.MMSpecialEffectInplace1Input.1, which causes memory corruption during garbage collection. • http://secunia.com/advisories/20595 http://securitytracker.com/id?1016291 http://www.kb.cert.org/vuls/id/959049 http://www.osvdb.org/26442 http://www.securityfocus.com/archive/1/437041/100/0/threaded http://www.securityfocus.com/bid/18328 http://www.vupen.com/english/advisories/2006/2319 http://www.zerodayinitiative.com/advisories/ZDI-06-018.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021 https://exchange.xforce.ibmcloud.com/vulnerabiliti • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 85%CPEs: 2EXPL: 0CVE-2006-2382 – Microsoft Internet Explorer UTF-8 Decoding Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2006-2382
Heap-based buffer overflow in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via crafted UTF-8 encoded HTML that results in size discrepancies during conversion to Unicode, aka "HTML Decoding Memory Corruption Vulnerability." This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. Successful exploitation requires that the target user browse to a malicious web page. Exploitaton does not require JavaScript, Java or ActiveX to be enabled. The specific vulnerability is due to a miscalculation of memory sizes when translating UTF-8 characters to Unicode. A size mismatch between a heap allocation and memory copy results in an exploitable heap corruption. • http://secunia.com/advisories/20595 http://securitytracker.com/id?1016291 http://www.kb.cert.org/vuls/id/136849 http://www.osvdb.org/26443 http://www.securityfocus.com/archive/1/436985/100/0/threaded http://www.securityfocus.com/bid/18309 http://www.us-cert.gov/cas/techalerts/TA06-164A.html http://www.vupen.com/english/advisories/2006/2319 http://www.zerodayinitiative.com/advisories/ZDI-06-017.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/20 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 44%CPEs: 2EXPL: 1CVE-2006-2383 – Microsoft Internet Explorer DXImageTransform ActiveX Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2006-2383
Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via "unexpected data" related to "parameter validation" in the DXImageTransform.Microsoft.Light ActiveX control, which causes Internet Explorer to crash in a way that enables the code execution. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. Successful exploitation requires that the target user browse to a malicious web page. The specific flaw exists in the Microsoft ActiveX object DXImageTransform.Microsoft.MMSpecialEffect1Input. Due to improper garbage collection when another object is assigned to any property, code execution is possible. This object implements the IObjectSafety interface and thus the default Internet Explorer settings allow for arbitrary code execution without any further user interaction. Several related ActiveX objects suffer from the same problem including: * DXImageTransform.Microsoft.MMSpecialEffect1Input.1 * DXImageTransform.Microsoft.MMSpecialEffect2Inputs * DXImageTransform.Microsoft.MMSpecialEffect2Inputs.1 * DXImageTransform.Microsoft.MMSpecialEffectInplace1Input * DXImageTransform.Microsoft.MMSpecialEffectInplace1Input.1 • https://www.exploit-db.com/exploits/27984 http://secunia.com/advisories/20595 http://securitytracker.com/id?1016291 http://www.kb.cert.org/vuls/id/417585 http://www.osvdb.org/26444 http://www.securityfocus.com/bid/18303 http://www.us-cert.gov/cas/techalerts/TA06-164A.html http://www.vupen.com/english/advisories/2006/2319 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021 https://exchange.xforce.ibmcloud.com/vulnerabilities/26768 https:/&#x •
CVSS: 5.1EPSS: 42%CPEs: 23EXPL: 2CVE-2006-2094 – Microsoft Internet Explorer 5.0.1 - Modal Dialog Manipulation
https://notcve.org/view.php?id=CVE-2006-2094
Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking an object or pressing keys that are actually applied to a "Yes" approval for executing the control. • https://www.exploit-db.com/exploits/27744 http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0264.html http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0759.html http://archives.neohapsis.com/archives/vulnwatch/2006-q2/0019.html http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/045589.html http://securitytracker.com/id?1015720 http://student.missouristate.edu/m/matthew007/advisories.asp?adv=2006-02 http://www.osvdb.org/22351 http://www.securityfocus.com&# • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 10.0EPSS: 95%CPEs: 21EXPL: 1CVE-2006-1186 – Microsoft Internet Explorer - HTML Tag Memory Corruption (MS06-013)
https://notcve.org/view.php?id=CVE-2006-1186
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via by instantiating the (1) Mdt2gddr.dll, (2) Mdt2dd.dll, and (3) Mdt2gddo.dll COM objects as ActiveX controls, which leads to memory corruption. • https://www.exploit-db.com/exploits/1838 http://secunia.com/advisories/18957 http://securitytracker.com/id?1015900 http://www.kb.cert.org/vuls/id/959049 http://www.securityfocus.com/bid/17453 http://www.us-cert.gov/cas/techalerts/TA06-101A.html http://www.vupen.com/english/advisories/2006/1318 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013 https://exchange.xforce.ibmcloud.com/vulnerabilities/25545 https://oval.cisecurity.org/repository/search& •