Page 23 of 171 results (0.017 seconds)

CVSS: 7.5EPSS: 56%CPEs: 18EXPL: 1

Internet Explorer 5.01 through 6 allows remote attackers to spoof arbitrary web sites by injecting content from one window into another window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. NOTE: later research shows that Internet Explorer 7 on Windows XP SP2 is also vulnerable. • http://secunia.com/advisories/13251 http://secunia.com/advisories/22628 http://secunia.com/multiple_browsers_window_injection_vulnerability_test http://secunia.com/secunia_research/2004-13/advisory http://www.securityfocus.com/archive/1/449917/100/0/threaded http://www.securityfocus.com/bid/11855 •

CVSS: 7.5EPSS: 17%CPEs: 1EXPL: 2

Microsoft Internet Explorer 6.0 SP2 allows remote attackers to spoof a legitimate URL in the status bar and conduct a phishing attack via a web page that contains a BASE element that points to the legitimate site, followed by an anchor (a) element with an empty "href" attribute, and a FORM whose action points to a malicious URL, and an INPUT submit element that is modified to look like a legitimate URL. Microsoft Internet Explorer 6.0 SP2 permite a atacantes remotos suplantar una URL legítima en la barra de estado y realizar un ataque de 'phishing' mediante una página web que contenga un elemento BASE que apunta al sitio legítimo seguido de un elemento ancla (A) con un elemento "href" vacío y un elemento FORM que apunta a un sitio web malicioso, y un elemento 'INPUT' modificado para que se parezca a la URL legítima. • https://www.exploit-db.com/exploits/24714 http://secunia.com/advisories/11273 http://www.kb.cert.org/vuls/id/702086 http://www.securityfocus.com/archive/1/379903 http://www.securityfocus.com/archive/1/425386/100/0/threaded http://www.securityfocus.com/archive/1/425883/100/0/threaded http://www.securityfocus.com/bid/11565 https://exchange.xforce.ibmcloud.com/vulnerabilities/17938 •

CVSS: 10.0EPSS: 92%CPEs: 28EXPL: 1

Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka "the IFRAME vulnerability" or the "HTML Elements Vulnerability." • https://www.exploit-db.com/exploits/612 http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028009.html http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028035.html http://marc.info/?l=bugtraq&m=109942758911846&w=2 http://secunia.com/advisories/12959 http://www.kb.cert.org/vuls/id/842160 http://www.securityfocus.com/archive/1/379261 http://www.securityfocus.com/bid/11515 http://www.us-cert.gov/cas/techalerts/TA04-315A.html http://www •

CVSS: 2.6EPSS: 88%CPEs: 3EXPL: 1

The execCommand method in Microsoft Internet Explorer 6.0 SP2 allows remote attackers to bypass the "File Download - Security Warning" dialog and save arbitrary files with arbitrary extensions via the SaveAs command. • http://archives.neohapsis.com/archives/bugtraq/2004-11/0260.html http://secunia.com/advisories/13203 http://securityreason.com/securityalert/3220 http://www.frsirt.com/exploits/20041119.IESP2Unpatched.php http://www.kb.cert.org/vuls/id/743974 http://www.securityfocus.com/bid/11686 https://exchange.xforce.ibmcloud.com/vulnerabilities/18181 •

CVSS: 10.0EPSS: 5%CPEs: 1EXPL: 0

Internet Explorer 6.x on Windows XP SP2 allows remote attackers to execute arbitrary code, as demonstrated using a document with a draggable file type such as .xml, .doc, .py, .cdf, .css, .pdf, or .ppt, and using ADODB.Connection and ADODB.recordset to write to a .hta file that is interpreted in the Local Zone by HTML Help. • http://marc.info/?l=bugtraq&m=109829111200055&w=2 http://marc.info/?l=bugtraq&m=109830296130857&w=2 http://marc.info/?l=ntbugtraq&m=109828076802478&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/17824 •