CVE-2006-5578
https://notcve.org/view.php?id=CVE-2006-5578
Microsoft Internet Explorer 6 and earlier allows remote attackers to read Temporary Internet Files (TIF) and obtain sensitive information via unspecified vectors involving certain drag and drop operations, aka "TIF Folder Information Disclosure Vulnerability," and a different issue than CVE-2006-5577. Microsoft Internet Explorer 6 y versiones anteriores permite a atacantes remotos leer Ficheros Temporales de Internet (TIF) y obtener información sensible a través de vectores sin especificar mediante operaciones de "arrastrar y soltar", también conocido como "TIF Folder Information Disclosure Vulnerability" , es distinta a la CVE-2006-5577. • http://secunia.com/advisories/23288 http://securitytracker.com/id?1017374 http://www.kb.cert.org/vuls/id/694344 http://www.osvdb.org/30815 http://www.securityfocus.com/archive/1/454969/100/200/threaded http://www.securityfocus.com/bid/21494 http://www.us-cert.gov/cas/techalerts/TA06-346A.html http://www.vupen.com/english/advisories/2006/4966 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-072 https://oval.cisecurity.org/repository/search •
CVE-2006-5884
https://notcve.org/view.php?id=CVE-2006-5884
Multiple unspecified vulnerabilities in DirectAnimation ActiveX controls for Microsoft Internet Explorer 5.01 through 6 have unknown impact and remote attack vectors, possibly related to (1) Danim.dll and (2) Lmrt.dll, a different set of vulnerabilities than CVE-2006-4446 and CVE-2006-4777. Múltiples vulnerabilidades no especificadas en controles ActiveX DirectAnimation para Microsoft Internet Explorer 5.01 hasta 6 tiene impacto y vectores desconocidos, posiblemente relacionados con (1) Danim.dll y (2) Lmrt.dll, un conjunto diferente de vulnerabilidades que CVE-2006-4446 y CVE-2006-4777. • http://www.osvdb.org/31324 http://www.us-cert.gov/cas/techalerts/TA06-318A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067 •
CVE-2006-4687 – Microsoft Internet Explorer CSS Float Property Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2006-4687
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via crafted layout combinations involving DIV tags and HTML CSS float properties that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulnerability." Microsoft Internet Explorer 5.01 hasta 6 permite a atacantes remotos ejecutar código de su elección mediante combinaciones de diseño artesanales implicando etiquetas DIV y propiedades float de HTML CSS que disparan una corrupción de memoria, también conocido como "Vulnerabilidad de corrupción de memoria al traducir HTML". This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific vulnerability exists due to improper parsing of HTML CSS 'float' properties. By ordering specially crafted 'div' tags in a web page, memory corruption can occur leading to remote code execution. • http://securitytracker.com/id?1017223 http://www.kb.cert.org/vuls/id/197852 http://www.osvdb.org/31323 http://www.securityfocus.com/archive/1/451590/100/100/threaded http://www.securityfocus.com/bid/21020 http://www.us-cert.gov/cas/techalerts/TA06-318A.html http://www.vupen.com/english/advisories/2006/4505 http://www.zerodayinitiative.com/advisories/ZDI-06-041.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067 https://exchange.xforce • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2006-4888
https://notcve.org/view.php?id=CVE-2006-4888
Microsoft Internet Explorer 6 and earlier allows remote attackers to cause a denial of service (application hang) via a CSS-formatted HTML INPUT element within a DIV element that has a larger size than the INPUT. Microsoft Internet Explorer 6 y anteriores permite a atacantes remotos provocar una denegación de servicio (aplicación que no responde) vía un elemento INPUT HTML con formato CSS dentro de un elemento DIV que tiene un tamaño mayor que el INPUT. • http://archives.neohapsis.com/archives/bugtraq/2006-07/0199.html http://jonas.elunic.de/blog/index.php/2006/07/14/ie-freeze-bug http://www.osvdb.org/28614 •
CVE-2006-3451 – Microsoft Internet Explorer Multiple CSS Imports Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2006-3451
Microsoft Internet Explorer 5 SP4 and 6 do not properly garbage collect when "multiple imports are used on a styleSheets collection" to construct a chain of Cascading Style Sheets (CSS), which allows remote attackers to execute arbitrary code via unspecified vectors. Microsoft Internet Explorer 5 SP4 y 6 no recogen adecuadamente la basura cuando "se utilizan múltiples importaciones en una colección de hojas de estilo" para construir una cadena de Hojas de Estilo en Cascada (CSS), lo cual permite a atacantes remotos ejecutar código de su elección a través de vectores no especificados. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists due to improper garbage collection when multiple "imports" are used on a "styleSheets" collection. • http://secunia.com/advisories/21396 http://securityreason.com/securityalert/1343 http://securitytracker.com/id?1016663 http://www.kb.cert.org/vuls/id/262004 http://www.osvdb.org/27854 http://www.securityfocus.com/archive/1/442578/100/0/threaded http://www.securityfocus.com/bid/19316 http://www.us-cert.gov/cas/techalerts/TA06-220A.html http://www.vupen.com/english/advisories/2006/3212 http://www.zerodayinitiative.com/advisories/ZDI-06-026.html https://docs.microsoft • CWE-20: Improper Input Validation •