CVSS: 4.3EPSS: 49%CPEs: 12EXPL: 0CVE-2007-2225
https://notcve.org/view.php?id=CVE-2007-2225
12 Jun 2007 — A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "URL Parsing Cross Domain Information Disclosure Vulnerability." Un componente en Microsoft Outlook Express 6 y windows Mail en Windows Vista no maneja adecuadamente determinadas cabeceras HTTP cuado procesa URLs del protocolo MHTML, lo cual permit... • http://archive.openmya.devnull.jp/2007.06/msg00060.html •
CVSS: 9.3EPSS: 53%CPEs: 19EXPL: 0CVE-2007-0218
https://notcve.org/view.php?id=CVE-2007-0218
12 Jun 2007 — Microsoft Internet Explorer 5.01 and 6 allows remote attackers to execute arbitrary code by instantiating certain COM objects from Urlmon.dll, which triggers memory corruption during a call to the IObjectSafety function. Microsoft Internet Explorer versiones 5.01 y 6 permite a los atacantes remotos ejecutar código arbitrario mediante peticiones de determinados objetos COM desde la biblioteca Urlmon.dll, lo que desencadena corrupción de memoria durante una llamada a la función IObjectSafety. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=542 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 62%CPEs: 19EXPL: 0CVE-2007-1750
https://notcve.org/view.php?id=CVE-2007-1750
12 Jun 2007 — Unspecified vulnerability in Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code via a crafted Cascading Style Sheets (CSS) tag that triggers memory corruption. Vulnerabilidad no especificada en Microsoft Internet Explorer 6 permite a atacantes remotos ejecutar código de su elección mediante una etiqueta de Hoja de Estilo en Cascada (CSS) que dispara una corrupción de memoria. • http://osvdb.org/35349 •
CVSS: 9.8EPSS: 50%CPEs: 4EXPL: 0CVE-2007-2218
https://notcve.org/view.php?id=CVE-2007-2218
12 Jun 2007 — Unspecified vulnerability in the Windows Schannel Security Package for Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, allows remote servers to execute arbitrary code or cause a denial of service via crafted digital signatures that are processed during an SSL handshake. Vulnerabilidad no especificada en Windows Schannel Security Package para Microsoft Windows 2000 SP4, XP SP2, y Server 2003 SP1 y SP2, permite a atacantes remotos ejecutar código de su elección o provocar una denegación de se... • http://secunia.com/advisories/25620 •
CVSS: 9.3EPSS: 57%CPEs: 19EXPL: 3CVE-2007-2222 – Microsoft Speech API ActiveX Control (Windows 2000 SP4) - Remote Buffer Overflow (MS07-033)
https://notcve.org/view.php?id=CVE-2007-2222
12 Jun 2007 — Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2) ActiveVoice (Xvoice.dll) speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary code via a crafted ActiveX object that triggers memory corruption, as demonstrated via the ModeName parameter to the FindEngine function in ACTIVEVOICEPROJECTLib.DirectSS. Múltiples desbordamientos de búfer en los controles de voz (1) ActiveListen (en la biblioteca Xlisten.dll) y (2) ActiveVoice (e... • https://www.exploit-db.com/exploits/4065 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 52%CPEs: 19EXPL: 0CVE-2007-3027 – Microsoft Internet Explorer Language Pack Installation Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2007-3027
12 Jun 2007 — Race condition in Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to install multiple language packs in a way that triggers memory corruption, aka "Language Pack Installation Vulnerability." Condición de carrera en Microsoft Internet Explorer 5.01, 6, y 7 permite a atacantes remotos ejecutar código de su elección provocando que Internet Explorer instale múltiples paquetes de idioma en un modo que dispara una corrupción de memoria, tam... • http://osvdb.org/35350 •
CVSS: 8.1EPSS: 18%CPEs: 24EXPL: 0CVE-2007-3091
https://notcve.org/view.php?id=CVE-2007-3091
06 Jun 2007 — Race condition in Microsoft Internet Explorer 6 SP1; 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code or perform other actions upon a page transition, with the permissions of the old page and the content of the new page, as demonstrated by setInterval functions that set location.href within a try/catch expression, aka the "bait & switch vulnerability" or "Race Condition Cross-Domain In... • http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0026.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.3EPSS: 1%CPEs: 3EXPL: 0CVE-2007-2999
https://notcve.org/view.php?id=CVE-2007-2999
04 Jun 2007 — Microsoft Windows Server 2003, when time restrictions are in effect for user accounts, generates different error messages for failed login attempts with a valid user name than for those with an invalid user name, which allows context-dependent attackers to determine valid Active Directory account names. Microsoft Windows Server 2003, cuando las restricciones de tiempo están en efecto para las cuentas del usuario, genera diversos mensajes de error para las tentativas falladas de conexión con un nombre válido... • http://osvdb.org/36138 •
CVSS: 9.3EPSS: 70%CPEs: 13EXPL: 1CVE-2007-2221 – Microsoft Internet Explorer 7 - Arbitrary File Rewrite (MS07-027)
https://notcve.org/view.php?id=CVE-2007-2221
08 May 2007 — Unspecified vulnerability in the mdsauth.dll COM object in Microsoft Windows Media Server in the Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; or 7 on Windows Vista allows remote attackers to overwrite arbitrary files via unspecified vectors, aka the "Arbitrary File Rewrite Vulnerability." Vulnerabilidad no especificada en el objeto COM mdsauth.dll de Microsoft Windows Media Server en Microsoft Internet Expl... • https://www.exploit-db.com/exploits/3892 •
CVSS: 9.3EPSS: 54%CPEs: 25EXPL: 0CVE-2007-0942
https://notcve.org/view.php?id=CVE-2007-0942
08 May 2007 — Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and possibly 7 on Windows Vista does not properly "instantiate certain COM objects as ActiveX controls," which allows remote attackers to execute arbitrary code via a crafted COM object from chtskdic.dll. Microsoft Internet Explorer versión 5.01 SP4 en Windows 2000 SP4; versión 6 SP1 en Windows 2000 SP4; versiones 6 y 7 en Windows XP SP2, o Windows Server 2003 SP... • http://secunia.com/advisories/23769 •