Page 24 of 292 results (0.019 seconds)

CVSS: 7.5EPSS: 94%CPEs: 23EXPL: 1

Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via HTML elements with a certain crafted tag, which leads to memory corruption. • https://www.exploit-db.com/exploits/1838 http://secunia.com/advisories/18957 http://securitytracker.com/id?1015900 http://www.kb.cert.org/vuls/id/824324 http://www.securityfocus.com/archive/1/435096/30/4710/threaded http://www.us-cert.gov/cas/techalerts/TA06-101A.html http://www.vupen.com/english/advisories/2006/1318 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval& •

CVSS: 10.0EPSS: 95%CPEs: 21EXPL: 1

Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via by instantiating the (1) Mdt2gddr.dll, (2) Mdt2dd.dll, and (3) Mdt2gddo.dll COM objects as ActiveX controls, which leads to memory corruption. • https://www.exploit-db.com/exploits/1838 http://secunia.com/advisories/18957 http://securitytracker.com/id?1015900 http://www.kb.cert.org/vuls/id/959049 http://www.securityfocus.com/bid/17453 http://www.us-cert.gov/cas/techalerts/TA06-101A.html http://www.vupen.com/english/advisories/2006/1318 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013 https://exchange.xforce.ibmcloud.com/vulnerabilities/25545 https://oval.cisecurity.org/repository/search& •

CVSS: 5.0EPSS: 3%CPEs: 66EXPL: 2

jscript.dll in Microsoft Internet Explorer 6.0 SP1 and earlier allows remote attackers to cause a denial of service (application crash) via a Shockwave Flash object that contains ActionScript code that calls VBScript, which in turn calls the Javascript document.write function, which triggers a null dereference. • http://securitytracker.com/id?1015559 http://www.securityfocus.com/archive/1/423675/100/0/threaded http://www.securityfocus.com/archive/1/425422/30/6890/threaded http://www.securityfocus.com/bid/16441 •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to bypass the Kill bit settings for dangerous ActiveX controls via unknown vectors involving crafted HTML, which can expose the browser to attacks that would otherwise be prevented by the Kill bit setting. NOTE: CERT/CC claims that MS05-054 fixes this issue, but it is not described in MS05-054. • http://www.kb.cert.org/vuls/id/998297 http://www.microsoft.com/technet/security/bulletin/ms05-054.mspx http://www.osvdb.org/23657 http://www.securityfocus.com/bid/16409 https://exchange.xforce.ibmcloud.com/vulnerabilities/24379 •

CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0

The CLSID_ApprenticeICW control allows remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer. • http://www.securityfocus.com/archive/1/391803 •