CVSS: 8.1EPSS: 10%CPEs: 1EXPL: 0CVE-2007-5456
https://notcve.org/view.php?id=CVE-2007-5456
14 Oct 2007 — Microsoft Internet Explorer 7 and earlier allows remote attackers to bypass the "File Download - Security Warning" dialog box and download arbitrary .exe files by placing a '?' (question mark) followed by a non-.exe filename after the .exe filename, as demonstrated by (1) .txt, (2) .cda, (3) .log, (4) .dif, (5) .sol, (6) .htt, (7) .itpc, (8) .itms, (9) .dvr-ms, (10) .dib, (11) .asf, (12) .tif, and unspecified other extensions, a different issue than CVE-2004-1331. NOTE: this issue might not cross privilege ... • http://securityreason.com/securityalert/3222 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 40%CPEs: 29EXPL: 0CVE-2007-3892
https://notcve.org/view.php?id=CVE-2007-3892
09 Oct 2007 — Microsoft Internet Explorer 5.01 through 7 allows remote attackers to spoof the URL address bar and other "trust UI" components via unspecified vectors, a different issue than CVE-2007-1091 and CVE-2007-3826. Microsoft Internet Explorer 5.01 hasta 7 permite a atacantes remotos falsificar la barra de direcciones URL y otras "Interfaces de Usuario de confianza" mediante vectores no especificados, un asunto diferente que CVE-2007-1091 y CVE-2007-3826. • http://secunia.com/advisories/27133 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 40%CPEs: 29EXPL: 0CVE-2007-3893
https://notcve.org/view.php?id=CVE-2007-3893
09 Oct 2007 — Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via unspecified vectors involving memory corruption from an unhandled error. Vulnerabilidad no especificada en Microsoft Internet Explorer 5.01 hasta 7 permite a atacantes remotos ejecutar código de su elección mediante vectores no especificados que implican corrupción de memoria debido a un error no controlado. • http://secunia.com/advisories/23469 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 11%CPEs: 1EXPL: 0CVE-2007-5277
https://notcve.org/view.php?id=CVE-2007-5277
08 Oct 2007 — Microsoft Internet Explorer 6 drops DNS pins based on failed connections to irrelevant TCP ports, which makes it easier for remote attackers to conduct DNS rebinding attacks, as demonstrated by a port 81 URL in an IMG SRC, when the DNS pin had been established for a session on port 80, a different issue than CVE-2006-4560. Microsoft Internet Explorer 6 borra asignaciones DNS fijas en conexiones fallidas a puertos TCP irrelevantes, lo cual hace más fácil para atacantes remotos llevar a cabo ataques de revinc... • http://crypto.stanford.edu/dns/dns-rebinding.pdf •
CVSS: 7.5EPSS: 19%CPEs: 1EXPL: 1CVE-2007-5158 – Microsoft Internet Explorer 5.0.1 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2007-5158
01 Oct 2007 — The focus handling for the onkeydown event in Microsoft Internet Explorer 6.0 allows remote attackers to change field focus and copy keystrokes via a certain use of a JavaScript htmlFor attribute, as demonstrated by changing focus from a textarea to a file upload field, a related issue to CVE-2007-3511. La gestión del foco del evento onkeydown de Microsoft Internet Explorer 6.0 permite a atacantes remotos cambiar el foco del campo y copiar pulsaciones de teclas mediante un uso determinado del atributo JavaS... • https://www.exploit-db.com/exploits/30622 •
CVSS: 4.3EPSS: 23%CPEs: 44EXPL: 1CVE-2007-4848
https://notcve.org/view.php?id=CVE-2007-4848
12 Sep 2007 — Microsoft Internet Explorer 4.0 through 7 allows remote attackers to determine the existence of local files that have associated images via a res:// URI in the src property of a JavaScript Image object, as demonstrated by the URI for a bitmap image resource within a (1) .exe or (2) .dll file. Microsoft Internet Explorer 4.0 hasta 7 permite a atacantes remotos determinar la existencia de archivos locales que tienen imágenes asociadas mediante un URI res:// en la propiedad src de un objeto Image de JavaScript... • http://osvdb.org/37638 •
CVSS: 8.8EPSS: 73%CPEs: 5EXPL: 2CVE-2007-4790 – Microsoft Visual FoxPro 6.0 - FPOLE.OCX 6.0.8450.0 Remote (PoC)
https://notcve.org/view.php?id=CVE-2007-4790
10 Sep 2007 — Stack-based buffer overflow in certain ActiveX controls in (1) FPOLE.OCX 6.0.8450.0 and (2) Foxtlib.ocx, as used in the Microsoft Visual FoxPro 6.0 fpole 1.0 Type Library; and Internet Explorer 5.01, 6 SP1 and SP2, and 7; allows remote attackers to execute arbitrary code via a long first argument to the FoxDoCmd function. Desbordamiento de búfer en la región stack de la memoria en ciertos controles ActiveX en las bibliotecas (1) FPOLE. OCX versión 6.0.8450.0 y (2) Foxtlib.ocx, tal y como son usados en Micro... • https://www.exploit-db.com/exploits/4369 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 19%CPEs: 1EXPL: 0CVE-2007-4478
https://notcve.org/view.php?id=CVE-2007-4478
22 Aug 2007 — Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6.0 and 7 allows user-assisted remote attackers to inject arbitrary web script or HTML in the local zone via a URI, when the document at the associated URL is saved to a local file, which then contains the URI string along with the document's original content. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Microsoft Internet Explorer 6.0 permite a atacantes remotos con la complicidad del usuario inyectar secuencias... • http://osvdb.org/45826 •
CVSS: 9.3EPSS: 28%CPEs: 2EXPL: 0CVE-2007-4356
https://notcve.org/view.php?id=CVE-2007-4356
15 Aug 2007 — Microsoft Internet Explorer 6 and 7 embeds FTP credentials in HTML files that are retrieved during an FTP session, which allows context-dependent attackers to obtain sensitive information by reading the HTML source, as demonstrated by a (1) .htm, (2) .html, or (3) .mht file. Microsoft Internet Explorer 6 y 7 incrusta credenciales FTP en los archivos HTML que se obtienen durante una sesión FTP, lo cual permite a atacantes locales o remotos (dependiendo del contexto) obtener información sensible leyendo la fu... • http://blog.washingtonpost.com/securityfix/2007/08/ftp_files_expose_web_site_cred.html •
CVSS: 9.8EPSS: 75%CPEs: 3EXPL: 1CVE-2007-1749 – Microsoft Internet Explorer 5.0.1 - Vector Markup Language 'VGX.dll' Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-1749
14 Aug 2007 — Integer underflow in the CDownloadSink class code in the Vector Markup Language (VML) component (VGX.DLL), as used in Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code via compressed content with an invalid buffer size, which triggers a heap-based buffer overflow. Desbordamiento de entero en CDownloadSink class code en el componente de Lenguaje de Marcado Vectoria (VML) (VGX.DLL), como el utilizado en Internet Explorer 5.01, 6, y 7 permite a atacantes remotos ejecutar código... • https://www.exploit-db.com/exploits/30494 •