
CVSS: 7.5 | EPSS: 72% | CPEs: 2 | EXPL: 0

Microsoft Internet Explorer 5 SP4 and 6 do not properly garbage collect when "multiple imports are used on a styleSheets collection" to construct a chain of Cascading Style Sheets (CSS), which allows remote attackers to execute arbitrary code via unspecified vectors.

This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists due to improper garbage collection when multiple "imports" are used on a "styleSheets" collection.

• http://secunia.com/advisories/21396
• http://securityreason.com/securityalert/1343
• http://securitytracker.com/id?1016663
• http://www.kb.cert.org/vuls/id/262004
• http://www.osvdb.org/27854
• http://www.securityfocus.com/archive/1/442578/100/0/threaded
• http://www.securityfocus.com/bid/19316
• http://www.us-cert.gov/cas/techalerts/TA06-220A.html
• http://www.vupen.com/english/advisories/2006/3212
• http://www.zerodayinitiative.com/advisories/ZDI-06-026.html
• https://docs.microsoft

• CWE-20: Improper Input Validation

CVSS: 5.1 | EPSS: 42% | CPEs: 23 | EXPL: 2

Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking an object or pressing keys that are actually applied to a "Yes" approval for executing the control.

• https://www.exploit-db.com/exploits/27744
• http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0264.html
• http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0759.html
• http://archives.neohapsis.com/archives/vulnwatch/2006-q2/0019.html
• http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/045589.html
• http://securitytracker.com/id?1015720
• http://student.missouristate.edu/m/matthew007/advisories.asp?adv=2006-02
• http://www.osvdb.org/22351
• http://www.securityfocus.com&#

• CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVSS: 7.5 | EPSS: 51% | CPEs: 7 | EXPL: 3

Internet Explorer 5.x and 6.0 allow remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug may overlap CVE-2004-0475.

• https://www.exploit-db.com/exploits/23504
• http://www.kb.cert.org/vuls/id/187196
• http://www.securityfocus.com/archive/1/348521
• http://www.securityfocus.com/bid/9320
• http://www.us-cert.gov/cas/techalerts/TA04-196A.html
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-023
• https://exchange.xforce.ibmcloud.com/vulnerabilities/14105
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1186
• https://oval.cisecurity.org/repository&

CVSS: 7.5 | EPSS: 8% | CPEs: 8 | EXPL: 1

Internet Explorer 5.1 for Macintosh allows remote attackers to bypass security checks and invoke local AppleScripts within a specific HTML element, aka the "Local Applescript Invocation" vulnerability.

• https://www.exploit-db.com/exploits/21238
• http://www.iss.net/security_center/static/8851.php
• http://www.osvdb.org/5356
• http://www.securityfocus.com/archive/1/251805
• http://www.securityfocus.com/bid/3935
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-019
• https://exchange.xforce.ibmcloud.com/vulnerabilities/7969

CVSS: 2.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

Microsoft Internet Explorer for Unix 5.0SP1 allows local users to possibly cause a denial of service (crash) in CDE or the X server on Solaris 2.6 by rapidly scrolling Chinese characters or maximizing the window.

• http://www.securityfocus.com/archive/1/246611
• http://www.securityfocus.com/bid/3729