CVSS: 7.8EPSS: 33%CPEs: 2EXPL: 1CVE-2006-7206 – Microsoft Internet Explorer - Recordset Double-Free Memory (MS07-009)
https://notcve.org/view.php?id=CVE-2006-7206
22 Jun 2007 — Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by creating a ADODB.Recordset object and making a series of calls to the NextRecordset method with a long string argument, which causes an "invalid memory access" in the SysFreeString function, a different issue than CVE-2006-3510 and CVE-2006-3899. Microsoft Internet Explorer 6 en el Windows XP SP2 permite a atacantes remotos provocar una denegación de servicio (caída) mediante la creación de un obj... • https://www.exploit-db.com/exploits/3577 •
CVSS: 10.0EPSS: 1%CPEs: 4EXPL: 0CVE-2007-3341
https://notcve.org/view.php?id=CVE-2007-3341
21 Jun 2007 — Unspecified vulnerability in the FTP implementation in Microsoft Internet Explorer allows remote attackers to "see a valid memory address" via unspecified vectors, a different issue than CVE-2007-0217. Vulnerabilidad sin especificar en la implementación del FTP del Microsoft Internet Explorer permite a atacantes remotos "ver una dirección de memoria válida" a través de vectores sin especificar, vulnerabilidad diferente a la CVE-2007-0217. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=473 •
CVSS: 9.3EPSS: 96%CPEs: 19EXPL: 3CVE-2007-2222 – Microsoft Speech API ActiveX Control (Windows 2000 SP4) - Remote Buffer Overflow (MS07-033)
https://notcve.org/view.php?id=CVE-2007-2222
12 Jun 2007 — Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2) ActiveVoice (Xvoice.dll) speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary code via a crafted ActiveX object that triggers memory corruption, as demonstrated via the ModeName parameter to the FindEngine function in ACTIVEVOICEPROJECTLib.DirectSS. Múltiples desbordamientos de búfer en los controles de voz (1) ActiveListen (en la biblioteca Xlisten.dll) y (2) ActiveVoice (e... • https://www.exploit-db.com/exploits/4065 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 90%CPEs: 19EXPL: 0CVE-2007-0218
https://notcve.org/view.php?id=CVE-2007-0218
12 Jun 2007 — Microsoft Internet Explorer 5.01 and 6 allows remote attackers to execute arbitrary code by instantiating certain COM objects from Urlmon.dll, which triggers memory corruption during a call to the IObjectSafety function. Microsoft Internet Explorer versiones 5.01 y 6 permite a los atacantes remotos ejecutar código arbitrario mediante peticiones de determinados objetos COM desde la biblioteca Urlmon.dll, lo que desencadena corrupción de memoria durante una llamada a la función IObjectSafety. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=542 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 89%CPEs: 19EXPL: 0CVE-2007-1750
https://notcve.org/view.php?id=CVE-2007-1750
12 Jun 2007 — Unspecified vulnerability in Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code via a crafted Cascading Style Sheets (CSS) tag that triggers memory corruption. Vulnerabilidad no especificada en Microsoft Internet Explorer 6 permite a atacantes remotos ejecutar código de su elección mediante una etiqueta de Hoja de Estilo en Cascada (CSS) que dispara una corrupción de memoria. • http://osvdb.org/35349 •
CVSS: 9.8EPSS: 97%CPEs: 9EXPL: 0CVE-2007-1751 – Microsoft Internet Explorer Prototype Dereference Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2007-1751
12 Jun 2007 — Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to access an uninitialized or deleted object, related to prototype variables and table cells, aka "Uninitialized Memory Corruption Vulnerability." Microsoft Internet Explorer versiones 5.01, 6 y 7 permite a los atacantes remotos ejecutar código arbitrario causando que Internet Explorer acceda a un objeto no inicializado o eliminado, relacionado con variables prototipo y celdas de tabla, ... • http://osvdb.org/35351 • CWE-908: Use of Uninitialized Resource •
CVSS: 9.3EPSS: 93%CPEs: 19EXPL: 0CVE-2007-3027 – Microsoft Internet Explorer Language Pack Installation Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2007-3027
12 Jun 2007 — Race condition in Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to install multiple language packs in a way that triggers memory corruption, aka "Language Pack Installation Vulnerability." Condición de carrera en Microsoft Internet Explorer 5.01, 6, y 7 permite a atacantes remotos ejecutar código de su elección provocando que Internet Explorer instale múltiples paquetes de idioma en un modo que dispara una corrupción de memoria, tam... • http://osvdb.org/35350 •
CVSS: 10.0EPSS: 40%CPEs: 3EXPL: 1CVE-2007-3111 – Microsoft Internet Explorer 6 / Provideo Camimage - 'ISSCamControl.dll 1.0.1.5' Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-3111
07 Jun 2007 — Buffer overflow in the Provideo Camimage ActiveX control in ISSCamControl.dll 1.0.1.5, when Internet Explorer 6 is used on Windows 2000 SP4, allows remote attackers to execute arbitrary code via a long URL property value. Desbordamiento de búfer en el control de ActiveX Provideo Camimage en el ISSCamControl.dll 1.0.1.5, cuando el Internet Explorer 6 se usa bajo Windows 2000 SP4, permite a atacantes remotos ejecutar código de su elección mediante una valor en la propiedad URL largo. • https://www.exploit-db.com/exploits/4023 •
CVSS: 8.1EPSS: 96%CPEs: 24EXPL: 0CVE-2007-3091
https://notcve.org/view.php?id=CVE-2007-3091
06 Jun 2007 — Race condition in Microsoft Internet Explorer 6 SP1; 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code or perform other actions upon a page transition, with the permissions of the old page and the content of the new page, as demonstrated by setInterval functions that set location.href within a try/catch expression, aka the "bait & switch vulnerability" or "Race Condition Cross-Domain In... • http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0026.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.3EPSS: 17%CPEs: 3EXPL: 1CVE-2007-3092
https://notcve.org/view.php?id=CVE-2007-3092
06 Jun 2007 — Microsoft Internet Explorer 6 allows remote attackers to spoof the URL bar, and page properties including SSL certificates, by interrupting page loading through certain use of location DOM objects and setTimeout calls. NOTE: this issue can be leveraged for phishing and other attacks. Microsoft Internet Explorer 6 permite a atacantes remotos falsificar la barra de URL, y las propiedades de la página incluyendo certificados SSL, interrumpiendo la carga de la página mediante determinado uso de objetos de local... • http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0026.html •