CVSS: 8.8EPSS: 88%CPEs: 30EXPL: 0CVE-2007-5344 – Microsoft Internet Explorer Element Tags Vulnerability
https://notcve.org/view.php?id=CVE-2007-5344
11 Dec 2007 — Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via a crafted website using Javascript that creates, modifies, deletes, and accesses document objects using the tags property, which triggers heap corruption, related to uninitialized or deleted objects, a different issue than CVE-2007-3902 and CVE-2007-3903, and a variant of "Uninitialized Memory Corruption Vulnerability." Microsoft Internet Explorer versiones 5.01 hasta 7, permite a los atacantes remotos ejecutar ... • http://secunia.com/advisories/28036 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.4EPSS: 36%CPEs: 21EXPL: 0CVE-2007-5355
https://notcve.org/view.php?id=CVE-2007-5355
05 Dec 2007 — The Web Proxy Auto-Discovery (WPAD) feature in Microsoft Internet Explorer 6 and 7, when a primary DNS suffix with three or more components is configured, resolves an unqualified wpad hostname in a second-level domain outside this configured DNS domain, which allows remote WPAD servers to conduct man-in-the-middle (MITM) attacks. La característica Web Proxy Auto-Discovery en Microsoft Internet Explorer 6 y 7, cuando un sufijo de DNS primario con tres o más componentes es configurado, resuelve nombre de host... • http://secunia.com/advisories/27901 •
CVSS: 8.1EPSS: 80%CPEs: 1EXPL: 0CVE-2007-5456
https://notcve.org/view.php?id=CVE-2007-5456
14 Oct 2007 — Microsoft Internet Explorer 7 and earlier allows remote attackers to bypass the "File Download - Security Warning" dialog box and download arbitrary .exe files by placing a '?' (question mark) followed by a non-.exe filename after the .exe filename, as demonstrated by (1) .txt, (2) .cda, (3) .log, (4) .dif, (5) .sol, (6) .htt, (7) .itpc, (8) .itms, (9) .dvr-ms, (10) .dib, (11) .asf, (12) .tif, and unspecified other extensions, a different issue than CVE-2004-1331. NOTE: this issue might not cross privilege ... • http://securityreason.com/securityalert/3222 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 87%CPEs: 29EXPL: 0CVE-2007-3893
https://notcve.org/view.php?id=CVE-2007-3893
09 Oct 2007 — Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via unspecified vectors involving memory corruption from an unhandled error. Vulnerabilidad no especificada en Microsoft Internet Explorer 5.01 hasta 7 permite a atacantes remotos ejecutar código de su elección mediante vectores no especificados que implican corrupción de memoria debido a un error no controlado. • http://secunia.com/advisories/23469 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 26%CPEs: 29EXPL: 0CVE-2007-3892
https://notcve.org/view.php?id=CVE-2007-3892
09 Oct 2007 — Microsoft Internet Explorer 5.01 through 7 allows remote attackers to spoof the URL address bar and other "trust UI" components via unspecified vectors, a different issue than CVE-2007-1091 and CVE-2007-3826. Microsoft Internet Explorer 5.01 hasta 7 permite a atacantes remotos falsificar la barra de direcciones URL y otras "Interfaces de Usuario de confianza" mediante vectores no especificados, un asunto diferente que CVE-2007-1091 y CVE-2007-3826. • http://secunia.com/advisories/27133 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2007-5277
https://notcve.org/view.php?id=CVE-2007-5277
08 Oct 2007 — Microsoft Internet Explorer 6 drops DNS pins based on failed connections to irrelevant TCP ports, which makes it easier for remote attackers to conduct DNS rebinding attacks, as demonstrated by a port 81 URL in an IMG SRC, when the DNS pin had been established for a session on port 80, a different issue than CVE-2006-4560. Microsoft Internet Explorer 6 borra asignaciones DNS fijas en conexiones fallidas a puertos TCP irrelevantes, lo cual hace más fácil para atacantes remotos llevar a cabo ataques de revinc... • http://crypto.stanford.edu/dns/dns-rebinding.pdf •
CVSS: 7.5EPSS: 4%CPEs: 1EXPL: 1CVE-2007-5158 – Microsoft Internet Explorer 5.0.1 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2007-5158
01 Oct 2007 — The focus handling for the onkeydown event in Microsoft Internet Explorer 6.0 allows remote attackers to change field focus and copy keystrokes via a certain use of a JavaScript htmlFor attribute, as demonstrated by changing focus from a textarea to a file upload field, a related issue to CVE-2007-3511. La gestión del foco del evento onkeydown de Microsoft Internet Explorer 6.0 permite a atacantes remotos cambiar el foco del campo y copiar pulsaciones de teclas mediante un uso determinado del atributo JavaS... • https://www.exploit-db.com/exploits/30622 •
CVSS: 4.3EPSS: 0%CPEs: 44EXPL: 1CVE-2007-4848
https://notcve.org/view.php?id=CVE-2007-4848
12 Sep 2007 — Microsoft Internet Explorer 4.0 through 7 allows remote attackers to determine the existence of local files that have associated images via a res:// URI in the src property of a JavaScript Image object, as demonstrated by the URI for a bitmap image resource within a (1) .exe or (2) .dll file. Microsoft Internet Explorer 4.0 hasta 7 permite a atacantes remotos determinar la existencia de archivos locales que tienen imágenes asociadas mediante un URI res:// en la propiedad src de un objeto Image de JavaScript... • http://osvdb.org/37638 •
CVSS: 8.8EPSS: 95%CPEs: 5EXPL: 2CVE-2007-4790 – Microsoft Visual FoxPro 6.0 - FPOLE.OCX 6.0.8450.0 Remote (PoC)
https://notcve.org/view.php?id=CVE-2007-4790
10 Sep 2007 — Stack-based buffer overflow in certain ActiveX controls in (1) FPOLE.OCX 6.0.8450.0 and (2) Foxtlib.ocx, as used in the Microsoft Visual FoxPro 6.0 fpole 1.0 Type Library; and Internet Explorer 5.01, 6 SP1 and SP2, and 7; allows remote attackers to execute arbitrary code via a long first argument to the FoxDoCmd function. Desbordamiento de búfer en la región stack de la memoria en ciertos controles ActiveX en las bibliotecas (1) FPOLE. OCX versión 6.0.8450.0 y (2) Foxtlib.ocx, tal y como son usados en Micro... • https://www.exploit-db.com/exploits/4369 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 75%CPEs: 1EXPL: 0CVE-2007-4478
https://notcve.org/view.php?id=CVE-2007-4478
22 Aug 2007 — Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6.0 and 7 allows user-assisted remote attackers to inject arbitrary web script or HTML in the local zone via a URI, when the document at the associated URL is saved to a local file, which then contains the URI string along with the document's original content. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Microsoft Internet Explorer 6.0 permite a atacantes remotos con la complicidad del usuario inyectar secuencias... • http://osvdb.org/45826 •