Page 23 of 225 results (0.006 seconds)

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to bypass the Kill bit settings for dangerous ActiveX controls via unknown vectors involving crafted HTML, which can expose the browser to attacks that would otherwise be prevented by the Kill bit setting. NOTE: CERT/CC claims that MS05-054 fixes this issue, but it is not described in MS05-054. • http://www.kb.cert.org/vuls/id/998297 http://www.microsoft.com/technet/security/bulletin/ms05-054.mspx http://www.osvdb.org/23657 http://www.securityfocus.com/bid/16409 https://exchange.xforce.ibmcloud.com/vulnerabilities/24379 •

CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0

The CLSID_ApprenticeICW control allows remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer. • http://www.securityfocus.com/archive/1/391803 •

CVSS: 5.1EPSS: 8%CPEs: 10EXPL: 0

Race condition in Microsoft Internet Explorer allows user-assisted attackers to overwrite arbitrary files and possibly execute code by tricking a user into performing a drag-and-drop action from certain objects, such as file objects within a folder view, then predicting the drag action, and re-focusing to a malicious window. • http://blogs.technet.com/msrc/archive/2006/02/13/419439.aspx http://secunia.com/advisories/18787 http://securitytracker.com/id?1015049 http://www.osvdb.org/2707 http://www.securiteam.com/windowsntfocus/5MP0B0UHPA.html http://www.securityfocus.com/archive/1/424863/100/0/threaded http://www.securityfocus.com/archive/1/424940/100/0/threaded http://www.securityfocus.com/bid/16352 http://www.vupen.com/english/advisories/2006/0553 https://exchange.xforce.ibmcloud.com/vulnerabilities • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 7.5EPSS: 96%CPEs: 11EXPL: 0

Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, aka a variant of the "COM Object Instantiation Memory Corruption Vulnerability," a different vulnerability than CVE-2005-2127. Microsoft Internet Explorer 5.01, 5.5 y 6 permiten a atacantes remotos causar una denegación de servicio (caída de aplicación) y posiblemente ejecutar código de su elección mediante una página web con CLSIDs incrustados que hacen referencia ciertos objetos COM que no están pensados para ser usados con con Internet Explorer, tcc una variante de la "Vulnerabilidad de Corrupción de Memoria por Instanciamiento de Objeto COM", una vulnerabilidad diferente de CVE-2005-2127. • http://secunia.com/advisories/15368 http://secunia.com/advisories/18064 http://secunia.com/advisories/18311 http://securitytracker.com/id?1015348 http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf http://www.kb.cert.org/vuls/id/959049 http://www.osvdb.org/21763 http://www.securityfocus.com/bid/15827 http://www.us-cert.gov/cas/techalerts/TA05-347A.html http://www.vupen.com/english/advisories/2005/2867 http://www.vupen.com/english/advisories/2005/2909 •

CVSS: 5.0EPSS: 96%CPEs: 4EXPL: 0

Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka "HTTPS Proxy Vulnerability." Microsoft Interntet Explorer 5.01, 5.5 y 6, cuando usan un servidor proxy HTTPS que requiere autenticación básica, envía la URL en texto claro, lo que permite a atacantes remotos obtener información sensible, tcc "Vulnerabilidad proxy HTTPS" • http://secunia.com/advisories/15368 http://secunia.com/advisories/18064 http://secunia.com/advisories/18311 http://securitytracker.com/id?1015350 http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf http://www.securityfocus.com/bid/15825 http://www.vupen.com/english/advisories/2005/2867 http://www.vupen.com/english/advisories/2005/2909 http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=375420 https://docs.microsoft.com/en-us/security- •