Page 32 of 184 results (0.003 seconds)

CVSS: 7.5EPSS: 9%CPEs: 9EXPL: 1

Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via an HTTP response containing long values in (1) Content-type and (2) Content-encoding fields. Desbordamiento de búfer en URLMON.DLL en Microsoft Internet Explorer 5.01, 5.5 y 6.0 permite a atacantes remotos ejecutar código arbitrario mediante una respuesta HTTP conteniendo valores largos en ciertos campos de cabecera. • https://www.exploit-db.com/exploits/22530 http://marc.info/?l=bugtraq&m=105138417416900&w=2 http://marc.info/?l=bugtraq&m=105718285107246&w=2 http://www.kb.cert.org/vuls/id/169753 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A926 •

CVSS: 7.5EPSS: 9%CPEs: 9EXPL: 1

The showHelp() function in Microsoft Internet Explorer 5.01, 5.5, and 6.0 supports certain types of pluggable protocols that allow remote attackers to bypass the cross-domain security model and execute arbitrary code, aka "Improper Cross Domain Security Validation with ShowHelp functionality." La función showHelp() en Microsoft Internet Explorer 5.5 y 6.0 soporta ciertos tipos de protocolos enchufables (añadibles) qeu permiten a atacantes remotos evitar el modelo de seguridad de cruce de dominios y ejecutar código arbitrario. También conocida como "Validación de Seguridad entre dominios con funcionalidad showHelp" • https://www.exploit-db.com/exploits/22226 http://archives.neohapsis.com/archives/bugtraq/2003-02/0083.html http://www.ciac.org/ciac/bulletins/n-038.shtml http://www.iss.net/security_center/static/11259.php http://www.kb.cert.org/vuls/id/400577 http://www.securityfocus.com/bid/6780 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-004 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A57 •

CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0

Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model to run malicious script or arbitrary programs via dialog boxes, aka "Improper Cross Domain Security Validation with dialog box." Microsoft Internet Explorer 5.01, 5.5 y 6.0 permite a atacantes remotos evitar el modelo de seguridad entre dominios (cros-domain) para correr script malicioso o programas arbitrarios mediante cuadros de díálogo. También conocida como "Validacíon de Seguridad Entre Dominios inapropiada con cuadro de diálogo". • http://www.ciac.org/ciac/bulletins/n-038.shtml http://www.iss.net/security_center/static/11258.php http://www.securityfocus.com/bid/6779 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-004 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A126 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A178 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A49 •

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0

Microsoft Internet Explorer 6.0, when handling an expired CA-CERT in a webserver's certificate chain during a SSL/TLS handshake, does not prompt the user before searching for and finding a newer certificate, which may allow attackers to perform a man-in-the-middle attack. NOTE: it is not clear whether this poses a vulnerability. • http://online.securityfocus.com/archive/1/292842 http://www.iss.net/security_center/static/10180.php http://www.securityfocus.com/bid/5778 •

CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0

Internet Explorer 6.0 does not warn users when an expired certificate authority (CA) certificate is submitted to the user and a newer CA certificate is in the user's local repository, which could allow remote attackers to decrypt web sessions via a man-in-the-middle (MITM) attack. • http://www.iss.net/security_center/static/10180.php http://www.securityfocus.com/archive/1/292842 http://www.securityfocus.com/bid/5778 •