CVSS: 7.6EPSS: 9%CPEs: 2EXPL: 0CVE-2006-2385
https://notcve.org/view.php?id=CVE-2006-2385
Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted web page that triggers memory corruption when it is saved as a multipart HTML (.mht) file. Vulnerabilidad no especificada en Microsoft Internet Explorer 5.01 SP4 y 6 SP1 y anteriores permite a atacantes asistidos por el usuario ejecutar código de forma arbitraria a través de una página web manipulada que dispara una corrupción de memoria cuando se guarda como un archivo multipart HTML (.mht) • http://secunia.com/advisories/20595 http://securitytracker.com/id?1016291 http://www.osvdb.org/26446 http://www.securityfocus.com/bid/18320 http://www.vupen.com/english/advisories/2006/2319 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021 https://exchange.xforce.ibmcloud.com/vulnerabilities/26782 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1167 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.8EPSS: 89%CPEs: 32EXPL: 0CVE-2006-2378
https://notcve.org/view.php?id=CVE-2006-2378
Buffer overflow in the ART Image Rendering component (jgdw400.dll) in Microsoft Windows XP SP1 and Sp2, Server 2003 SP1 and earlier, and Windows 98 and Me allows remote attackers to execute arbitrary code via a crafted ART image that causes heap corruption. • http://secunia.com/advisories/20605 http://securitytracker.com/id?1016292 http://www.idefense.com/intelligence/vulnerabilities/display.php?id=407 http://www.kb.cert.org/vuls/id/923236 http://www.osvdb.org/26432 http://www.securityfocus.com/bid/18394 http://www.us-cert.gov/cas/techalerts/TA06-164A.html http://www.vupen.com/english/advisories/2006/2320 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-022 https://exchange.xforce.ibmcloud.com/vulnera •
CVSS: 4.3EPSS: 12%CPEs: 2EXPL: 0CVE-2006-2384
https://notcve.org/view.php?id=CVE-2006-2384
Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to conduct spoofing and phishing attacks by using a modal browser window in a way that preserves the original address bar and trusted UI of a trusted site, even after the browser has been navigated to a malicious site, aka the "Address Bar Spoofing Vulnerability." • http://secunia.com/advisories/20595 http://securitytracker.com/id?1016291 http://www.osvdb.org/26445 http://www.securityfocus.com/bid/18321 http://www.vupen.com/english/advisories/2006/2319 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021 https://exchange.xforce.ibmcloud.com/vulnerabilities/26777 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1478 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 74%CPEs: 11EXPL: 0CVE-2006-1303
https://notcve.org/view.php?id=CVE-2006-1303
Multiple unspecified vulnerabilities in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allow remote attackers to execute arbitrary code by instantiating certain COM objects from Wmm2fxa.dll as ActiveX controls including (1) DXImageTransform.Microsoft.MMSpecialEffect1Input, (2) DXImageTransform.Microsoft.MMSpecialEffect1Input.1, (3) DXImageTransform.Microsoft.MMSpecialEffect2Inputs, (4) DXImageTransform.Microsoft.MMSpecialEffect2Inputs.1, (5) DXImageTransform.Microsoft.MMSpecialEffectInplace1Input, and (6) DXImageTransform.Microsoft.MMSpecialEffectInplace1Input.1, which causes memory corruption during garbage collection. • http://secunia.com/advisories/20595 http://securitytracker.com/id?1016291 http://www.kb.cert.org/vuls/id/959049 http://www.osvdb.org/26442 http://www.securityfocus.com/archive/1/437041/100/0/threaded http://www.securityfocus.com/bid/18328 http://www.vupen.com/english/advisories/2006/2319 http://www.zerodayinitiative.com/advisories/ZDI-06-018.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021 https://exchange.xforce.ibmcloud.com/vulnerabiliti • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 85%CPEs: 2EXPL: 0CVE-2006-2382 – Microsoft Internet Explorer UTF-8 Decoding Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2006-2382
Heap-based buffer overflow in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via crafted UTF-8 encoded HTML that results in size discrepancies during conversion to Unicode, aka "HTML Decoding Memory Corruption Vulnerability." This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. Successful exploitation requires that the target user browse to a malicious web page. Exploitaton does not require JavaScript, Java or ActiveX to be enabled. The specific vulnerability is due to a miscalculation of memory sizes when translating UTF-8 characters to Unicode. A size mismatch between a heap allocation and memory copy results in an exploitable heap corruption. • http://secunia.com/advisories/20595 http://securitytracker.com/id?1016291 http://www.kb.cert.org/vuls/id/136849 http://www.osvdb.org/26443 http://www.securityfocus.com/archive/1/436985/100/0/threaded http://www.securityfocus.com/bid/18309 http://www.us-cert.gov/cas/techalerts/TA06-164A.html http://www.vupen.com/english/advisories/2006/2319 http://www.zerodayinitiative.com/advisories/ZDI-06-017.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/20 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •