Page 4 of 32 results (0.003 seconds)

CVSS: 10.0EPSS: 77%CPEs: 18EXPL: 0

Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image. mshtml.dll de ciertas versiones de Internet Explorer 6.x permite a atacantes remotos causar una denegación de servicio (caída de aplicación) y posiblemente ejecutar código arbitrario mediante una imagen GIF malformada que dispara un desbordamiento de búfer. • http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009445.html http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009473.html http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009506.html http://www.ciac.org/ciac/bulletins/o-191.shtml http://www.kb.cert.org/vuls/id/685364 http://www.securityfocus.com/bid/8530 http://www.us-cert.gov/cas/techalerts/TA04-212A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/200 • CWE-415: Double Free •

CVSS: 5.0EPSS: 4%CPEs: 32EXPL: 2

Unknown versions of Internet Explorer and Outlook allow remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack. Versiones desconocidas de Internet Explorer y Outlook permiten a atacantes remotos suplantar URL legítimas en la barra de estado mediante etiquetas A HREF con valores "alt" modificados que apuntan al sitio legítimo, combinado con un mapa de imagen cuyo HREF apunta al sitio malicioso, lo que facilita ataques de suplantación para robo de datos (phising). • https://www.exploit-db.com/exploits/24102 http://archives.neohapsis.com/archives/bugtraq/2004-05/0161.html http://marc.info/?l=bugtraq&m=108422905510713&w=2 http://www.kurczaba.com/securityadvisories/0405132poc.htm http://www.securityfocus.com/bid/10308 https://exchange.xforce.ibmcloud.com/vulnerabilities/16102 •

CVSS: 8.8EPSS: 12%CPEs: 4EXPL: 3

Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077. • https://www.exploit-db.com/exploits/22280 http://www.securityfocus.com/archive/1/312910 http://www.securityfocus.com/archive/1/312929 http://www.securityfocus.com/bid/6923 https://exchange.xforce.ibmcloud.com/vulnerabilities/11411 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0

Microsoft Outlook 2002 allows remote attackers to embed bypass the file download restrictions for attachments via an HTML email message that uses an IFRAME to reference malicious content. • http://archives.neohapsis.com/archives/bugtraq/2002-03/0267.html http://www.iss.net/security_center/static/8611.php http://www.securityfocus.com/bid/4334 •

CVSS: 7.5EPSS: 15%CPEs: 6EXPL: 0

Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email messages in HTML or Rich Text Format (RTF), which could allow remote attackers to execute arbitrary scripts via an email that the user forwards or replies to. Microsoft Outlook 2000 y 2002, cuando están configurados para usar Microsoft Word como editor de correo, no bloquea secuencias de comandos (scripts) en usjo mientras se editan mensajes en HTML o Formato de Texto Enriquecido (RTF), lo que podría permitir a atacantes remotos ejecutar scripts arbitrarios mediante un correo electrónico que el usuario reenvia o al que responde. • http://marc.info/?l=bugtraq&m=101760380418890&w=2 http://online.securityfocus.com/archive/1/265621 http://www.iss.net/security_center/static/8708.php http://www.securityfocus.com/bid/4397 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-021 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A205 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A429 •