CVSS: 7.5EPSS: 4%CPEs: 1EXPL: 1CVE-2007-5158 – Microsoft Internet Explorer 5.0.1 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2007-5158
01 Oct 2007 — The focus handling for the onkeydown event in Microsoft Internet Explorer 6.0 allows remote attackers to change field focus and copy keystrokes via a certain use of a JavaScript htmlFor attribute, as demonstrated by changing focus from a textarea to a file upload field, a related issue to CVE-2007-3511. La gestión del foco del evento onkeydown de Microsoft Internet Explorer 6.0 permite a atacantes remotos cambiar el foco del campo y copiar pulsaciones de teclas mediante un uso determinado del atributo JavaS... • https://www.exploit-db.com/exploits/30622 •
CVSS: 4.3EPSS: 0%CPEs: 44EXPL: 1CVE-2007-4848
https://notcve.org/view.php?id=CVE-2007-4848
12 Sep 2007 — Microsoft Internet Explorer 4.0 through 7 allows remote attackers to determine the existence of local files that have associated images via a res:// URI in the src property of a JavaScript Image object, as demonstrated by the URI for a bitmap image resource within a (1) .exe or (2) .dll file. Microsoft Internet Explorer 4.0 hasta 7 permite a atacantes remotos determinar la existencia de archivos locales que tienen imágenes asociadas mediante un URI res:// en la propiedad src de un objeto Image de JavaScript... • http://osvdb.org/37638 •
CVSS: 8.8EPSS: 95%CPEs: 5EXPL: 2CVE-2007-4790 – Microsoft Visual FoxPro 6.0 - FPOLE.OCX 6.0.8450.0 Remote (PoC)
https://notcve.org/view.php?id=CVE-2007-4790
10 Sep 2007 — Stack-based buffer overflow in certain ActiveX controls in (1) FPOLE.OCX 6.0.8450.0 and (2) Foxtlib.ocx, as used in the Microsoft Visual FoxPro 6.0 fpole 1.0 Type Library; and Internet Explorer 5.01, 6 SP1 and SP2, and 7; allows remote attackers to execute arbitrary code via a long first argument to the FoxDoCmd function. Desbordamiento de búfer en la región stack de la memoria en ciertos controles ActiveX en las bibliotecas (1) FPOLE. OCX versión 6.0.8450.0 y (2) Foxtlib.ocx, tal y como son usados en Micro... • https://www.exploit-db.com/exploits/4369 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 75%CPEs: 1EXPL: 0CVE-2007-4478
https://notcve.org/view.php?id=CVE-2007-4478
22 Aug 2007 — Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6.0 and 7 allows user-assisted remote attackers to inject arbitrary web script or HTML in the local zone via a URI, when the document at the associated URL is saved to a local file, which then contains the URI string along with the document's original content. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Microsoft Internet Explorer 6.0 permite a atacantes remotos con la complicidad del usuario inyectar secuencias... • http://osvdb.org/45826 •
CVSS: 9.3EPSS: 1%CPEs: 2EXPL: 0CVE-2007-4356
https://notcve.org/view.php?id=CVE-2007-4356
15 Aug 2007 — Microsoft Internet Explorer 6 and 7 embeds FTP credentials in HTML files that are retrieved during an FTP session, which allows context-dependent attackers to obtain sensitive information by reading the HTML source, as demonstrated by a (1) .htm, (2) .html, or (3) .mht file. Microsoft Internet Explorer 6 y 7 incrusta credenciales FTP en los archivos HTML que se obtienen durante una sesión FTP, lo cual permite a atacantes locales o remotos (dependiendo del contexto) obtener información sensible leyendo la fu... • http://blog.washingtonpost.com/securityfix/2007/08/ftp_files_expose_web_site_cred.html •
CVSS: 9.8EPSS: 92%CPEs: 3EXPL: 1CVE-2007-1749 – Microsoft Internet Explorer 5.0.1 - Vector Markup Language 'VGX.dll' Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-1749
14 Aug 2007 — Integer underflow in the CDownloadSink class code in the Vector Markup Language (VML) component (VGX.DLL), as used in Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code via compressed content with an invalid buffer size, which triggers a heap-based buffer overflow. Desbordamiento de entero en CDownloadSink class code en el componente de Lenguaje de Marcado Vectoria (VML) (VGX.DLL), como el utilizado en Internet Explorer 5.01, 6, y 7 permite a atacantes remotos ejecutar código... • https://www.exploit-db.com/exploits/30494 •
CVSS: 9.3EPSS: 95%CPEs: 3EXPL: 1CVE-2007-2216 – Microsoft Internet Explorer 5.0.1 - 'TBLinf32.dll' ActiveX Control Remote Code Execution
https://notcve.org/view.php?id=CVE-2007-2216
14 Aug 2007 — The tblinf32.dll (aka vstlbinf.dll) ActiveX control for Internet Explorer 5.01, 6 SP1, and 7 uses an incorrect IObjectsafety implementation, which allows remote attackers to execute arbitrary code by requesting the HelpString property, involving a crafted DLL file argument to the TypeLibInfoFromFile function, which overwrites the HelpStringDll property to call the DLLGetDocumentation function in another DLL file, aka "ActiveX Object Vulnerability." El control ActiveX de la biblioteca tblinf32.dll (también c... • https://www.exploit-db.com/exploits/30490 • CWE-16: Configuration •
CVSS: 8.8EPSS: 89%CPEs: 2EXPL: 0CVE-2007-0943
https://notcve.org/view.php?id=CVE-2007-0943
14 Aug 2007 — Unspecified vulnerability in Internet Explorer 5.01 and 6 SP1 allows remote attackers to execute arbitrary code via crafted Cascading Style Sheets (CSS) strings that trigger memory corruption during parsing, related to use of out-of-bounds pointers. Una vulnerabilidad no especificada en Internet Explorer versiones 5.01 y 6 SP1, permite a atacantes remotos ejecutar código arbitrario por medio de cadenas de Cascading Style Sheets (CSS) diseñadas que desencadenan una corrupción de memoria durante el análisis, ... • http://secunia.com/advisories/26419 •
CVSS: 9.3EPSS: 88%CPEs: 3EXPL: 0CVE-2007-3041
https://notcve.org/view.php?id=CVE-2007-3041
14 Aug 2007 — Unspecified vulnerability in the pdwizard.ocx ActiveX object for Internet Explorer 5.01, 6 SP1, and 7 allows remote attackers to execute arbitrary code via unknown vectors related to Microsoft Visual Basic 6 objects and memory corruption, aka "ActiveX Object Memory Corruption Vulnerability." Una vulnerabilidad no especificada en el objeto ActiveX del archivo pdwizard.ocx para Internet Explorer versiones 5.01, 6 SP1 y 7, permite a atacantes remotos ejecutar código arbitrario por medio de vectores de ataque d... • http://secunia.com/advisories/26419 •
CVSS: 5.5EPSS: 1%CPEs: 2EXPL: 1CVE-2007-4227
https://notcve.org/view.php?id=CVE-2007-4227
08 Aug 2007 — Microsoft Windows Explorer (explorer.exe) allows user-assisted remote attackers to cause a denial of service via a certain JPG file, as demonstrated by something.jpg. NOTE: this issue might be related to CVE-2007-3958. Microsoft Windows Explorer (explorer.exe) permite a atacantes remotos con la complicidad del usuario provocar una denegación de servicio mediante cierto fichero JPG, como ha sido demostrado por something.jpg. NOTA: este asunto podría estar relacionado con CVE-2007-3958. • http://lostmon.blogspot.com/2007/08/windows-extended-file-attributes-buffer.html •