CVSS: 4.3 | EPSS: 8% | CPEs: 12 | EXPL: 0

The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition "notifications," which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "Content Disposition Parsing Cross Domain Information Disclosure Vulnerability."

• http://archive.openmya.devnull.jp/2007.06/msg00060.html http://openmya.hacker.jp/hasegawa/security/ms07-034.txt http://osvdb.org/35346 http://secunia.com/advisories/25639 http://www.securityfocus.com/archive/1/471947/100/0/threaded http://www.securityfocus.com/archive/1/472002/100/0/threaded http://www.securityfocus.com/bid/24410 http://www.securitytracker.com/id?1018233 http://www.securitytracker.com/id?1018234 http://www.us-cert.gov/cas/techalerts/TA07-163A.html http •

CVSS: 4.3 | EPSS: 11% | CPEs: 12 | EXPL: 0

A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "URL Parsing Cross Domain Information Disclosure Vulnerability."

• http://archive.openmya.devnull.jp/2007.06/msg00060.html http://openmya.hacker.jp/hasegawa/security/ms07-034.txt http://osvdb.org/35345 http://secunia.com/advisories/25639 http://www.kb.cert.org/vuls/id/682825 http://www.securityfocus.com/archive/1/471947/100/0/threaded http://www.securityfocus.com/archive/1/472002/100/0/threaded http://www.securityfocus.com/bid/24392 http://www.securitytracker.com/id?1018231 http://www.securitytracker.com/id?1018232 http://www •

CVSS: 9.3 | EPSS: 83% | CPEs: 19 | EXPL: 0

Microsoft Internet Explorer 5.01 and 6 allows remote attackers to execute arbitrary code by instantiating certain COM objects from Urlmon.dll, which triggers memory corruption during a call to the IObjectSafety function.

• http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=542 http://osvdb.org/35348 http://secunia.com/advisories/25627 http://securitytracker.com/id?1018235 http://www.securityfocus.com/archive/1/471947/100/0/threaded http://www.securityfocus.com/bid/24372 http://www.us-cert.gov/cas/techalerts/TA07-163A.html http://www.vupen.com/english/advisories/2007/2153 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033 https://exchange.xforce.ib • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.3 | EPSS: 96% | CPEs: 19 | EXPL: 3

Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2) ActiveVoice (Xvoice.dll) speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary code via a crafted ActiveX object that triggers memory corruption, as demonstrated via the ModeName parameter to the FindEngine function in ACTIVEVOICEPROJECTLib.DirectSS.

• https://www.exploit-db.com/exploits/4065 https://www.exploit-db.com/exploits/4066 http://osvdb.org/35353 http://retrogod.altervista.org/win_speech_2k_sp4.html http://retrogod.altervista.org/win_speech_xp_sp2.html http://secunia.com/advisories/25627 http://securitytracker.com/id?1018235 http://www.exploit-db.com/exploits/4065 http://www.kb.cert.org/vuls/id/507433 http://www.securityfocus.com/archive/1/471947/100/0/threaded http://www.securityfocus.com/bid/2442 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3 | EPSS: 80% | CPEs: 19 | EXPL: 0

Unspecified vulnerability in Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code via a crafted Cascading Style Sheets (CSS) tag that triggers memory corruption.

• http://osvdb.org/35349 http://secunia.com/advisories/25627 http://securitytracker.com/id?1018235 http://www.securityfocus.com/archive/1/471947/100/0/threaded http://www.securityfocus.com/bid/24423 http://www.us-cert.gov/cas/techalerts/TA07-163A.html http://www.vupen.com/english/advisories/2007/2153 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033 https://exchange.xforce.ibmcloud.com/vulnerabilities/34619 https://oval.cisecurity.org/repository/sear •