CVSS: 5.1EPSS: 42%CPEs: 23EXPL: 2CVE-2006-2094 – Microsoft Internet Explorer 5.0.1 - Modal Dialog Manipulation
https://notcve.org/view.php?id=CVE-2006-2094
Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking an object or pressing keys that are actually applied to a "Yes" approval for executing the control. • https://www.exploit-db.com/exploits/27744 http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0264.html http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0759.html http://archives.neohapsis.com/archives/vulnwatch/2006-q2/0019.html http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/045589.html http://securitytracker.com/id?1015720 http://student.missouristate.edu/m/matthew007/advisories.asp?adv=2006-02 http://www.osvdb.org/22351 http://www.securityfocus.com&# • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 10.0EPSS: 95%CPEs: 21EXPL: 1CVE-2006-1186 – Microsoft Internet Explorer - HTML Tag Memory Corruption (MS06-013)
https://notcve.org/view.php?id=CVE-2006-1186
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via by instantiating the (1) Mdt2gddr.dll, (2) Mdt2dd.dll, and (3) Mdt2gddo.dll COM objects as ActiveX controls, which leads to memory corruption. • https://www.exploit-db.com/exploits/1838 http://secunia.com/advisories/18957 http://securitytracker.com/id?1015900 http://www.kb.cert.org/vuls/id/959049 http://www.securityfocus.com/bid/17453 http://www.us-cert.gov/cas/techalerts/TA06-101A.html http://www.vupen.com/english/advisories/2006/1318 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013 https://exchange.xforce.ibmcloud.com/vulnerabilities/25545 https://oval.cisecurity.org/repository/search& •
CVSS: 10.0EPSS: 86%CPEs: 4EXPL: 1CVE-2006-1189 – Microsoft Internet Explorer - HTML Tag Memory Corruption (MS06-013)
https://notcve.org/view.php?id=CVE-2006-1189
Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via a crafted URL with an International Domain Name (IDN) using double-byte character sets (DBCS), aka the "Double Byte Character Parsing Memory Corruption Vulnerability." • https://www.exploit-db.com/exploits/1838 http://archives.neohapsis.com/archives/bugtraq/2006-04/0227.html http://secunia.com/advisories/18957 http://securitytracker.com/id?1015900 http://www.kb.cert.org/vuls/id/341028 http://www.securityfocus.com/bid/17454 http://www.us-cert.gov/cas/techalerts/TA06-101A.html http://www.vupen.com/english/advisories/2006/1318 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013 https://exchange.xforce.ibmcloud. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.0EPSS: 20%CPEs: 4EXPL: 1CVE-2006-1191 – Microsoft Internet Explorer - HTML Tag Memory Corruption (MS06-013)
https://notcve.org/view.php?id=CVE-2006-1191
Microsoft Internet Explorer 5.01 through 6 does not always correctly identify the domain that is associated with a browser window, which allows remote attackers to obtain sensitive cross-domain information and spoof sites by running script after the user has navigated to another site. • https://www.exploit-db.com/exploits/1838 http://secunia.com/advisories/18957 http://securitytracker.com/id?1015892 http://www.securityfocus.com/bid/17457 http://www.vupen.com/english/advisories/2006/1318 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013 https://exchange.xforce.ibmcloud.com/vulnerabilities/25555 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1251 https://oval.cisecurity.org/repository/search/definition/oval%3 •
CVSS: 10.0EPSS: 89%CPEs: 4EXPL: 1CVE-2006-1190 – Microsoft Internet Explorer - HTML Tag Memory Corruption (MS06-013)
https://notcve.org/view.php?id=CVE-2006-1190
Microsoft Internet Explorer 5.01 through 6 does not always return the correct IOleClientSite information when dynamically creating an embedded object, which could cause Internet Explorer to run the object in the wrong security context or zone, and allow remote attackers to execute arbitrary code. • https://www.exploit-db.com/exploits/1838 http://secunia.com/advisories/18957 http://securitytracker.com/id?1015900 http://www.kb.cert.org/vuls/id/959649 http://www.securityfocus.com/bid/17455 http://www.vupen.com/english/advisories/2006/1318 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013 https://exchange.xforce.ibmcloud.com/vulnerabilities/25552 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1541 https://oval •