Page 3 of 24 results (0.003 seconds)

CVSS: 7.5EPSS: 72%CPEs: 2EXPL: 0

CVE-2006-3451 – Microsoft Internet Explorer Multiple CSS Imports Memory Corruption Vulnerability

https://notcve.org/view.php?id=CVE-2006-3451

Microsoft Internet Explorer 5 SP4 and 6 do not properly garbage collect when "multiple imports are used on a styleSheets collection" to construct a chain of Cascading Style Sheets (CSS), which allows remote attackers to execute arbitrary code via unspecified vectors. Microsoft Internet Explorer 5 SP4 y 6 no recogen adecuadamente la basura cuando "se utilizan múltiples importaciones en una colección de hojas de estilo" para construir una cadena de Hojas de Estilo en Cascada (CSS), lo cual permite a atacantes remotos ejecutar código de su elección a través de vectores no especificados. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists due to improper garbage collection when multiple "imports" are used on a "styleSheets" collection. • http://secunia.com/advisories/21396 http://securityreason.com/securityalert/1343 http://securitytracker.com/id?1016663 http://www.kb.cert.org/vuls/id/262004 http://www.osvdb.org/27854 http://www.securityfocus.com/archive/1/442578/100/0/threaded http://www.securityfocus.com/bid/19316 http://www.us-cert.gov/cas/techalerts/TA06-220A.html http://www.vupen.com/english/advisories/2006/3212 http://www.zerodayinitiative.com/advisories/ZDI-06-026.html https://docs.microsoft • CWE-20: Improper Input Validation •

CVSS: 5.1EPSS: 42%CPEs: 23EXPL: 2

CVE-2006-2094 – Microsoft Internet Explorer 5.0.1 - Modal Dialog Manipulation

https://notcve.org/view.php?id=CVE-2006-2094

Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking an object or pressing keys that are actually applied to a "Yes" approval for executing the control. • https://www.exploit-db.com/exploits/27744 http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0264.html http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0759.html http://archives.neohapsis.com/archives/vulnwatch/2006-q2/0019.html http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/045589.html http://securitytracker.com/id?1015720 http://student.missouristate.edu/m/matthew007/advisories.asp?adv=2006-02 http://www.osvdb.org/22351 http://www.securityfocus.com&# • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 7.5EPSS: 8%CPEs: 8EXPL: 1

CVE-2002-0153 – Apple Mac OS Internet Explorer 3/4/5 - File Execution

https://notcve.org/view.php?id=CVE-2002-0153

Internet Explorer 5.1 for Macintosh allows remote attackers to bypass security checks and invoke local AppleScripts within a specific HTML element, aka the "Local Applescript Invocation" vulnerability. Internet Explorer 5.1 para Macintosh permite a atacantes remotos evadir comprobaciones de seguridad e invocar AppleScripts locales dentro de un elemento HTML específico. Tambien conocido como vulnerabilidad de "Invocación local de AppleScript" • https://www.exploit-db.com/exploits/21238 http://www.iss.net/security_center/static/8851.php http://www.osvdb.org/5356 http://www.securityfocus.com/archive/1/251805 http://www.securityfocus.com/bid/3935 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-019 https://exchange.xforce.ibmcloud.com/vulnerabilities/7969 •

CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2001-1218

https://notcve.org/view.php?id=CVE-2001-1218

Microsoft Internet Explorer for Unix 5.0SP1 allows local users to possibly cause a denial of service (crash) in CDE or the X server on Solaris 2.6 by rapidly scrolling Chinese characters or maximizing the window. MS Internet Explorer para Unix 5.0SP1 permite a usuarios locales forzar una denegración de servicio (crash) tanto en CDE como en servidor X de Solaris 2.6 a través de maximizar la ventana o mostrar rápidamente caracteres chinos. • http://www.securityfocus.com/archive/1/246611 http://www.securityfocus.com/bid/3729 •

CVSS: 7.5EPSS: 4%CPEs: 1EXPL: 0

CVE-2001-0665

https://notcve.org/view.php?id=CVE-2001-0665

Internet Explorer 6 and earlier allows remote attackers to cause certain HTTP requests to be automatically executed and appear to come from the user, which could allow attackers to gain privileges or execute operations within web-based services, aka the "HTTP Request Encoding vulnerability." • http://www.osvdb.org/1972 http://www.securityfocus.com/bid/3421 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-051 https://exchange.xforce.ibmcloud.com/vulnerabilities/7259 •