Page 3 of 37 results (0.004 seconds)

CVSS: 10.0EPSS: 77%CPEs: 18EXPL: 0

Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image. mshtml.dll de ciertas versiones de Internet Explorer 6.x permite a atacantes remotos causar una denegación de servicio (caída de aplicación) y posiblemente ejecutar código arbitrario mediante una imagen GIF malformada que dispara un desbordamiento de búfer. • http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009445.html http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009473.html http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009506.html http://www.ciac.org/ciac/bulletins/o-191.shtml http://www.kb.cert.org/vuls/id/685364 http://www.securityfocus.com/bid/8530 http://www.us-cert.gov/cas/techalerts/TA04-212A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/200 • CWE-415: Double Free •

CVSS: 5.0EPSS: 4%CPEs: 32EXPL: 2

Unknown versions of Internet Explorer and Outlook allow remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack. Versiones desconocidas de Internet Explorer y Outlook permiten a atacantes remotos suplantar URL legítimas en la barra de estado mediante etiquetas A HREF con valores "alt" modificados que apuntan al sitio legítimo, combinado con un mapa de imagen cuyo HREF apunta al sitio malicioso, lo que facilita ataques de suplantación para robo de datos (phising). • https://www.exploit-db.com/exploits/24102 http://archives.neohapsis.com/archives/bugtraq/2004-05/0161.html http://marc.info/?l=bugtraq&m=108422905510713&w=2 http://www.kurczaba.com/securityadvisories/0405132poc.htm http://www.securityfocus.com/bid/10308 https://exchange.xforce.ibmcloud.com/vulnerabilities/16102 •

CVSS: 7.5EPSS: 71%CPEs: 2EXPL: 2

Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs. Micrososft Outlook 2002 no filtra suficientemente los parámetros de URLs mailto:, cuando se usan como argumentos al llamar a OUTLOOK.EXE, lo que permite a atacantes remotos usar código script en la zona de seguridad "Máquina Local" y ejecutar programas arbitrarios. • https://www.exploit-db.com/exploits/23796 http://marc.info/?l=bugtraq&m=107893704602842&w=2 http://www.ciac.org/ciac/bulletins/o-096.shtml http://www.idefense.com/application/poi/display?id=79&type=vulnerabilities http://www.kb.cert.org/vuls/id/305206 http://www.securityfocus.com/bid/9827 http://www.us-cert.gov/cas/techalerts/TA04-070A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-009 https://exchange.xforce.ibmcloud.com/vulnerabiliti • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •

CVSS: 5.0EPSS: 1%CPEs: 6EXPL: 0

Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow remote attackers to cause a denial of service (CPU consumption), if "Do not save encrypted pages to disk" is disabled, via a web site or HTML e-mail that contains two null characters (%00) after the host name. Microsoft Internet Explorer 6.0, Outlook 2002, y Outlook 2003 permiten a atacantes remotos causar una denegación de servicio (consumición de CPU) si está desactivado "No guardar las páginas cifradas en el disco), mediante un sitio web o un mensaje de correo electrónico que contenga dos caractéres nulos (%00) después del nombre de máquina. • http://marc.info/?l=bugtraq&m=107643134712133&w=2 http://www.securityfocus.com/bid/9629 https://exchange.xforce.ibmcloud.com/vulnerabilities/15127 •

CVSS: 8.8EPSS: 12%CPEs: 4EXPL: 3

Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077. • https://www.exploit-db.com/exploits/22280 http://www.securityfocus.com/archive/1/312910 http://www.securityfocus.com/archive/1/312929 http://www.securityfocus.com/bid/6923 https://exchange.xforce.ibmcloud.com/vulnerabilities/11411 • CWE-264: Permissions, Privileges, and Access Controls •