
CVSS: 9.3 • EPSS: 1% • CPEs: 2 • EXPL: 0

The Oracle Siebel Option Pack for IE ActiveX control does not properly initialize memory that is used by the NewBusObj method, which allows remote attackers to execute arbitrary code via a crafted HTML document.
• http://secunia.com/advisories/40804 http://www.kb.cert.org/vuls/id/174089 http://www.osvdb.org/66926 http://www.vupen.com/english/advisories/2010/2028
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 9.3 • EPSS: 6% • CPEs: 3 • EXPL: 0

Unspecified vulnerability in the Simba MDrmSap ActiveX control in mdrmsap.dll in SAP SAPgui allows remote attackers to execute arbitrary code via unknown vectors involving instantiation by Internet Explorer.
• http://osvdb.org/49721 http://www.kb.cert.org/vuls/id/277313 http://www.securityfocus.com/bid/32186 http://www.vupen.com/english/advisories/2008/3106 https://exchange.xforce.ibmcloud.com/vulnerabilities/46440
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 9.3 • EPSS: 66% • CPEs: 2 • EXPL: 2

Buffer overflow in the DjVu ActiveX Control 3.0 for Microsoft Office (DjVu_ActiveX_MSOffice.dll) allows remote attackers to execute arbitrary code via a long (1) ImageURL property, and possibly the (2) Mode, (3) Page, or (4) Zoom properties.
• https://www.exploit-db.com/exploits/16638 https://www.exploit-db.com/exploits/6878 http://securityreason.com/securityalert/4560 http://www.securityfocus.com/bid/31987 http://www.vupen.com/english/advisories/2008/2956 https://exchange.xforce.ibmcloud.com/vulnerabilities/46214
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 6.8 • EPSS: 97% • CPEs: 3 • EXPL: 3

The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 10.0.5529.0, as distributed in the standalone Snapshot Viewer and Microsoft Office Access 2000 through 2003, allows remote attackers to download arbitrary files to a client machine via a crafted HTML document or e-mail message, probably involving use of the SnapshotPath and CompressedPath properties and the PrintSnapshot method. NOTE: this can be leveraged for code execution by writing to a Startup folder.
• https://www.exploit-db.com/exploits/6124 https://www.exploit-db.com/exploits/16605 http://marc.info/?l=bugtraq&m=121915960406986&w=2 http://secunia.com/advisories/30883 http://www.exploit-db.com/exploits/6124 http://www.kb.cert.org/vuls/id/837785 http://www.microsoft.com/technet/security/advisory/955179.mspx http://www.securityfocus.com/bid/30114 http://www.securitytracker.com/id?1020433 http://www.us-cert.gov/cas/techalerts/TA08-189A.html http://www.us
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 9.3 • EPSS: 88% • CPEs: 22 • EXPL: 0

Unspecified vulnerability in an ActiveX control (dxtmsft.dll) in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via a crafted image, aka "Argument Handling Memory Corruption Vulnerability."
• http://marc.info/?l=bugtraq&m=120361015026386&w=2 http://secunia.com/advisories/28903 http://www.securityfocus.com/bid/27689 http://www.securitytracker.com/id?1019381 http://www.us-cert.gov/cas/techalerts/TA08-043C.html http://www.vupen.com/english/advisories/2008/0512/references https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-010 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4904
• CWE-94: Improper Control of Generation of Code ('Code Injection')