CVSS: 9.3EPSS: 96%CPEs: 13EXPL: 2CVE-2007-0024 – Microsoft Internet Explorer - VML Download and Execute (MS07-004)
https://notcve.org/view.php?id=CVE-2007-0024
09 Jan 2007 — Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the "VML Buffer Overrun Vulnerability." Debordamiento de Entero en la implementación (vgx.dll) del Lenguaje de Marcas de Vectores (... • https://www.exploit-db.com/exploits/3148 •
CVSS: 7.5EPSS: 3%CPEs: 1EXPL: 0CVE-2006-5578
https://notcve.org/view.php?id=CVE-2006-5578
12 Dec 2006 — Microsoft Internet Explorer 6 and earlier allows remote attackers to read Temporary Internet Files (TIF) and obtain sensitive information via unspecified vectors involving certain drag and drop operations, aka "TIF Folder Information Disclosure Vulnerability," and a different issue than CVE-2006-5577. Microsoft Internet Explorer 6 y versiones anteriores permite a atacantes remotos leer Ficheros Temporales de Internet (TIF) y obtener información sensible a través de vectores sin especificar mediante operacio... • http://secunia.com/advisories/23288 •
CVSS: 7.5EPSS: 4%CPEs: 1EXPL: 0CVE-2006-5577
https://notcve.org/view.php?id=CVE-2006-5577
12 Dec 2006 — Microsoft Internet Explorer 6 and earlier allows remote attackers to obtain sensitive information via unspecified uses of the OBJECT HTML tag, which discloses the absolute path of the corresponding TIF folder, aka "TIF Folder Information Disclosure Vulnerability," and a different issue than CVE-2006-5578. Microsoft Internet Explorer 6 y versiones anteriores permite a atacantes remotos la obtención de información sensible a través de usos sin especificar de la etiqueta de HTML OBJECT, que revela la ruta abso... • http://secunia.com/advisories/23288 •
CVSS: 8.8EPSS: 4%CPEs: 6EXPL: 0CVE-2006-5884
https://notcve.org/view.php?id=CVE-2006-5884
14 Nov 2006 — Multiple unspecified vulnerabilities in DirectAnimation ActiveX controls for Microsoft Internet Explorer 5.01 through 6 have unknown impact and remote attack vectors, possibly related to (1) Danim.dll and (2) Lmrt.dll, a different set of vulnerabilities than CVE-2006-4446 and CVE-2006-4777. Múltiples vulnerabilidades no especificadas en controles ActiveX DirectAnimation para Microsoft Internet Explorer 5.01 hasta 6 tiene impacto y vectores desconocidos, posiblemente relacionados con (1) Danim.dll y (2) Lmrt... • http://www.osvdb.org/31324 •
CVSS: 8.8EPSS: 52%CPEs: 6EXPL: 0CVE-2006-4687 – Microsoft Internet Explorer CSS Float Property Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2006-4687
14 Nov 2006 — Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via crafted layout combinations involving DIV tags and HTML CSS float properties that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulnerability." Microsoft Internet Explorer 5.01 hasta 6 permite a atacantes remotos ejecutar código de su elección mediante combinaciones de diseño artesanales implicando etiquetas DIV y propiedades float de HTML CSS que disparan una corrupción de memoria, también co... • http://securitytracker.com/id?1017223 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 2%CPEs: 1EXPL: 0CVE-2006-4888
https://notcve.org/view.php?id=CVE-2006-4888
19 Sep 2006 — Microsoft Internet Explorer 6 and earlier allows remote attackers to cause a denial of service (application hang) via a CSS-formatted HTML INPUT element within a DIV element that has a larger size than the INPUT. Microsoft Internet Explorer 6 y anteriores permite a atacantes remotos provocar una denegación de servicio (aplicación que no responde) vía un elemento INPUT HTML con formato CSS dentro de un elemento DIV que tiene un tamaño mayor que el INPUT. • http://archives.neohapsis.com/archives/bugtraq/2006-07/0199.html •
CVSS: 9.8EPSS: 95%CPEs: 1EXPL: 3CVE-2006-4777 – Microsoft Internet Explorer - COM Object Remote Heap Overflow
https://notcve.org/view.php?id=CVE-2006-4777
14 Sep 2006 — Heap-based buffer overflow in the DirectAnimation Path Control (DirectAnimation.PathControl) COM object (daxctle.ocx) for Internet Explorer 6.0 SP1, on Chinese and possibly other Windows distributions, allows remote attackers to execute arbitrary code via unknown manipulations in arguments to the KeyFrame method, possibly related to an integer overflow, as demonstrated by daxctle2, and a different vulnerability than CVE-2006-4446. Desbordamiento de búfer basado en montón en el DirectAnimation Path Control (... • https://www.exploit-db.com/exploits/2358 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 7%CPEs: 10EXPL: 0CVE-2006-3873
https://notcve.org/view.php?id=CVE-2006-3873
12 Sep 2006 — Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060912, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL in a GZIP-encoded website that was the target of an HTTP redirect, due to an incomplete fix for CVE-2006-3869. Desbordamiento de búfer basado en montón en URLMON.DLL en Microsoft Internet Explorer 6 SP1 sobre Windows 2000 y XP SP1, con versiones del parc... • http://research.eeye.com/html/advisories/published/AD20060912.html •
CVSS: 7.5EPSS: 8%CPEs: 1EXPL: 1CVE-2006-4560
https://notcve.org/view.php?id=CVE-2006-4560
06 Sep 2006 — Internet Explorer 6 on Windows XP SP2 allows remote attackers to execute arbitrary JavaScript in the context of the browser's session with an arbitrary intranet web server, by hosting script on an Internet web server that can be made inaccessible by the attacker and that has a domain name under the attacker's control, which can force the browser to drop DNS pinning and perform a new DNS query for the domain name after the script is already running. Internet Explorer 6 sobre Windows XP SP2 permite a un ataca... • http://polyboy.net/xss/dnsslurp.html •
CVSS: 7.8EPSS: 95%CPEs: 21EXPL: 1CVE-2006-4495 – Microsoft Windows Server 2000 - Multiple COM Object Instantiation Code Execution Vulnerabilities
https://notcve.org/view.php?id=CVE-2006-4495
31 Aug 2006 — Microsoft Internet Explorer allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Windows 2000 ActiveX COM Objects including (1) ciodm.dll, (2) myinfo.dll, (3) msdxm.ocx, and (4) creator.dll. Microsoft Internet Explorer permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria) y posiblemente ejecutar código de su elección instanciando ciertos objetos Windows 2000 ActiveX COM incluyendo (1) ciodm.dll... • https://www.exploit-db.com/exploits/28420 •