Page 3 of 63 results (0.012 seconds)

CVSS: 4.3EPSS: 0%CPEs: 44EXPL: 1

CVE-2007-4848

https://notcve.org/view.php?id=CVE-2007-4848

Microsoft Internet Explorer 4.0 through 7 allows remote attackers to determine the existence of local files that have associated images via a res:// URI in the src property of a JavaScript Image object, as demonstrated by the URI for a bitmap image resource within a (1) .exe or (2) .dll file. Microsoft Internet Explorer 4.0 hasta 7 permite a atacantes remotos determinar la existencia de archivos locales que tienen imágenes asociadas mediante un URI res:// en la propiedad src de un objeto Image de JavaScript, como se ha demostrado con el URI de un recurso de imagen bitmap dentro de un archivo (1) .exe o (2) .dll. • http://osvdb.org/37638 http://xs-sniper.com/blog/2007/07/20/more-uri-stuff-ies-resouce-uri •

CVSS: 9.3EPSS: 86%CPEs: 25EXPL: 0

CVE-2007-0942

https://notcve.org/view.php?id=CVE-2007-0942

Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and possibly 7 on Windows Vista does not properly "instantiate certain COM objects as ActiveX controls," which allows remote attackers to execute arbitrary code via a crafted COM object from chtskdic.dll. Microsoft Internet Explorer versión 5.01 SP4 en Windows 2000 SP4; versión 6 SP1 en Windows 2000 SP4; versiones 6 y 7 en Windows XP SP2, o Windows Server 2003 SP1 o SP2; y posiblemente versión 7 en Windows Vista "instantiate certain COM objects as ActiveX controls" inapropiadamente, que permite a los atacantes remotos ejecutar código arbitrario por medio de un objeto COM creado de la biblioteca chtskdic.dll. • http://secunia.com/advisories/23769 http://www.osvdb.org/34399 http://www.securityfocus.com/archive/1/468871/100/200/threaded http://www.securitytracker.com/id?1018019 http://www.us-cert.gov/cas/techalerts/TA07-128A.html http://www.vupen.com/english/advisories/2007/1712 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-027 https://exchange.xforce.ibmcloud.com/vulnerabilities/33252 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval •

CVSS: 7.8EPSS: 65%CPEs: 10EXPL: 2

CVE-2007-0612 – Microsoft Internet Explorer 5.0.1 - Multiple ActiveX Controls Denial of Service Vulnerabilities

https://notcve.org/view.php?id=CVE-2007-0612

Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and Vista allows remote attackers to cause a denial of service (Internet Explorer crash) by accessing the bgColor, fgColor, linkColor, alinkColor, vlinkColor, or defaultCharset properties in the (1) giffile, (2) htmlfile, (3) jpegfile, (4) mhtmlfile, (5) ODCfile, (6) pjpegfile, (7) pngfile, (8) xbmfile, (9) xmlfile, (10) xslfile, or (11) wdfile objects in (a) mshtml.dll; or the (12) TriEditDocument.TriEditDocument or (13) TriEditDocument.TriEditDocument.1 objects in (b) triedit.dll, which cause a NULL pointer dereference. Múltiples controles de ActiveX en el Microsoft Windows 2000, XP, 2003 y Vista permiten a atacantes remotos provocar una denegación de servicio (caída del Internet Explorer) mediante el acceso a las propiedades bgColor, fgColor, linkColor, alinkColor, vlinkColor o defaultCharset en los objetos (1) giffile, (2) htmlfile, (3) jpegfile, (4) mhtmlfile, (5) ODCfile, (6) pjpegfile, (7) pngfile, (8) xbmfile, (9) xmlfile, (10) xslfile o (11) wdfile objects en (a) mshtml.dll; o en los objetos (12) TriEditDocument.TriEditDocument o (13) TriEditDocument.TriEditDocument.1 en (b) triedit.dll, lo que provoca una referencia a un puntero NULO (NULL). • https://www.exploit-db.com/exploits/29536 http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0547.html http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/052057.html http://osvdb.org/32628 http://securityreason.com/securityalert/2199 http://www.determina.com/security.research/vulnerabilities/activex-bgcolor.html http://www.securityfocus.com/archive/1/458443/100/0/threaded http://www.securityfocus.com/bid/22288 https://exchange.xforce.ibmcloud.com/vulnerabilities/31867 •

CVSS: 4.3EPSS: 5%CPEs: 1EXPL: 0

CVE-2006-5577

https://notcve.org/view.php?id=CVE-2006-5577

Microsoft Internet Explorer 6 and earlier allows remote attackers to obtain sensitive information via unspecified uses of the OBJECT HTML tag, which discloses the absolute path of the corresponding TIF folder, aka "TIF Folder Information Disclosure Vulnerability," and a different issue than CVE-2006-5578. Microsoft Internet Explorer 6 y versiones anteriores permite a atacantes remotos la obtención de información sensible a través de usos sin especificar de la etiqueta de HTML OBJECT, que revela la ruta absoluta de la carpeta TIF correspondiente, también conocido como "TIF Folder Information Disclosure Vulnerability" y es diferntes a la CVE-2006-5578. • http://secunia.com/advisories/23288 http://securitytracker.com/id?1017374 http://www.osvdb.org/30816 http://www.securityfocus.com/archive/1/454969/100/200/threaded http://www.securityfocus.com/bid/21507 http://www.us-cert.gov/cas/techalerts/TA06-346A.html http://www.vupen.com/english/advisories/2006/4966 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-072 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A313 •

CVSS: 2.6EPSS: 3%CPEs: 1EXPL: 0

CVE-2006-5578

https://notcve.org/view.php?id=CVE-2006-5578

Microsoft Internet Explorer 6 and earlier allows remote attackers to read Temporary Internet Files (TIF) and obtain sensitive information via unspecified vectors involving certain drag and drop operations, aka "TIF Folder Information Disclosure Vulnerability," and a different issue than CVE-2006-5577. Microsoft Internet Explorer 6 y versiones anteriores permite a atacantes remotos leer Ficheros Temporales de Internet (TIF) y obtener información sensible a través de vectores sin especificar mediante operaciones de "arrastrar y soltar", también conocido como "TIF Folder Information Disclosure Vulnerability" , es distinta a la CVE-2006-5577. • http://secunia.com/advisories/23288 http://securitytracker.com/id?1017374 http://www.kb.cert.org/vuls/id/694344 http://www.osvdb.org/30815 http://www.securityfocus.com/archive/1/454969/100/200/threaded http://www.securityfocus.com/bid/21494 http://www.us-cert.gov/cas/techalerts/TA06-346A.html http://www.vupen.com/english/advisories/2006/4966 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-072 https://oval.cisecurity.org/repository/search •