CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0CVE-2008-5543
https://notcve.org/view.php?id=CVE-2008-5543
12 Dec 2008 — Symantec AntiVirus (SAV) 10, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. Symantec AntiVirus (SAV) 10, cuando se utiliza Internet Explorer 6 o 7, permite a atacantes remotos eludir la detección de malware en un documen... • http://securityreason.com/securityalert/4723 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2008-5544
https://notcve.org/view.php?id=CVE-2008-5544
12 Dec 2008 — Hacksoft The Hacker 6.3.1.2.174 and possibly 6.3.0.9.081, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. Hacksoft The Hacker v6.3.1.2.174 y posiblemente v6.3.0.9.081, cuando se utiliza Internet Explorer 6 o 7, permite a ... • http://securityreason.com/securityalert/4723 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0CVE-2008-5545
https://notcve.org/view.php?id=CVE-2008-5545
12 Dec 2008 — Trend Micro VSAPI 8.700.0.1004 in Trend Micro AntiVirus, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. Trend Micro VSAPI v8.700.0.1004 en Trend Micro AntiVirus, cuando se utiliza Internet Explorer 6 o 7, permite a ataca... • http://securityreason.com/securityalert/4723 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0CVE-2008-5546
https://notcve.org/view.php?id=CVE-2008-5546
12 Dec 2008 — VirusBlokAda VBA32 3.12.8.5, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. VirusBlokAda VBA32 v3.12.8.5, cuando se utiliza Internet Explorer 6 o 7, permite a atacantes remotos eludir la detección de malware en un docume... • http://securityreason.com/securityalert/4723 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0CVE-2008-5548
https://notcve.org/view.php?id=CVE-2008-5548
12 Dec 2008 — VirusBuster 4.5.11.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. VirusBuster v4.5.11.0, cuando se usa Internet Explorer 6 o 7, permite a atacantes remotos eludir la detección de malware en un documento HTML colocando... • http://securityreason.com/securityalert/4723 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 82%CPEs: 4EXPL: 6CVE-2008-4844 – Microsoft Internet Explorer (Windows Vista) - XML Parsing Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-4844
11 Dec 2008 — Use-after-free vulnerability in the CRecordInstance::TransferToDestination function in mshtml.dll in Microsoft Internet Explorer 5.01, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via DSO bindings involving (1) an XML Island, (2) XML DSOs, or (3) Tabular Data Control (TDC) in a crafted HTML or XML document, as demonstrated by nested SPAN or MARQUEE elements, and exploited in the wild in December 2008. Una vulnerabilidad de uso de la memoria previamente liberada en la función CRecordInst... • https://www.exploit-db.com/exploits/7410 • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 61%CPEs: 28EXPL: 0CVE-2008-4258
https://notcve.org/view.php?id=CVE-2008-4258
10 Dec 2008 — Microsoft Internet Explorer 5.01 SP4 and 6 SP1 does not properly validate parameters during calls to navigation methods, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Parameter Validation Memory Corruption Vulnerability." Microsoft Internet Explorer v5.01 SP4 y v6 SP1, no valida adecuadamente los parámetros en las llamadas a los métodos de navegación; esto permite a atacantes remotos ejecutar código de su elección a través de un doc... • http://www.securitytracker.com/id?1021371 • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 61%CPEs: 28EXPL: 0CVE-2008-4260
https://notcve.org/view.php?id=CVE-2008-4260
10 Dec 2008 — Microsoft Internet Explorer 7 sometimes attempts to access a deleted object, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Uninitialized Memory Corruption Vulnerability." Microsoft Internet Explorer 7 en ocasiones intenta acceder a objetos que han sido eliminados; esto permite a atacantes remotos ejecutar código de su elección a través de un documento HTML manipulado que provoca una corrupción de memoria. También se conoce como "Vul... • http://www.securitytracker.com/id?1021371 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 61%CPEs: 28EXPL: 0CVE-2008-4261
https://notcve.org/view.php?id=CVE-2008-4261
10 Dec 2008 — Stack-based buffer overflow in Microsoft Internet Explorer 5.01 SP4, 6 SP1 on Windows 2000, and 6 on Windows XP and Server 2003 does not properly handle extraneous data associated with an object embedded in a web page, which allows remote attackers to execute arbitrary code via crafted HTML tags that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulnerability." El desbordamiento del búfer en región stack de la memoria en Microsoft Internet Explorer versiones 5.01 SP4, 6 SP1 en Windows 200... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=761 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 63%CPEs: 28EXPL: 0CVE-2008-4259 – Microsoft Internet Explorer Webdav Request Parsing Heap Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2008-4259
09 Dec 2008 — Microsoft Internet Explorer 7 sometimes attempts to access uninitialized memory locations, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, related to a WebDAV request for a file with a long name, aka "HTML Objects Memory Corruption Vulnerability." Microsoft Internet Explorer versión 7 algunas veces intenta acceder a las ubicaciones de memoria no inicializadas, lo que permite a los atacantes remotos ejecutar código arbitrario por medio de u... • http://www.securityfocus.com/archive/1/499065/100/0/threaded • CWE-399: Resource Management Errors •