CVSS: 7.5EPSS: 45%CPEs: 2EXPL: 0CVE-2006-3639
https://notcve.org/view.php?id=CVE-2006-3639
09 Aug 2006 — Microsoft Internet Explorer 5.01 and 6 does not properly identify the originating domain zone when handling redirects, which allows remote attackers to read cross-domain web pages and possibly execute code via unspecified vectors involving a crafted web page, aka "Source Element Cross-Domain Vulnerability." Microsoft Internet Explorer 5.01 y 6 no identifica adecuadamente la zona de dominio que origina cuando maneja la redirección, lo cual permite a un atacante remoto leer páginas web de dominios cruzados y ... • http://secunia.com/advisories/21396 •
CVSS: 5.3EPSS: 36%CPEs: 2EXPL: 0CVE-2006-3640
https://notcve.org/view.php?id=CVE-2006-3640
09 Aug 2006 — Microsoft Internet Explorer 5.01 and 6 allows certain script to persist across navigations between pages, which allows remote attackers to obtain the window location of visited web pages in other domains or zones, aka "Window Location Information Disclosure Vulnerability." Microsoft Internet Explorer 5.01 y 6 permite a ciertas secuencias de comandos persistir a través de navegaciones entre páginas, lo cual permite a un atacante remoto obtener la localización de ventana de páginas web visitadas en otros domi... • http://secunia.com/advisories/21396 •
CVSS: 6.0EPSS: 28%CPEs: 2EXPL: 0CVE-2006-3643
https://notcve.org/view.php?id=CVE-2006-3643
09 Aug 2006 — Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and 6 in Microsoft Windows 2000 SP4 permits access to local "HTML-embedded resource files" in the Microsoft Management Console (MMC) library, which allows remote authenticated users to execute arbitrary commands, aka "MMC Redirect Cross-Site Scripting Vulnerability." Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Internet Explorer 5.01 y 6 en Microsoft Windows 2000 SP4 permite acceso a "ficheros de recursos HTML-embedde... • http://secunia.com/advisories/21401 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 77%CPEs: 2EXPL: 1CVE-2006-3637 – Microsoft Internet Explorer 5.0.1 - Frameset Memory Corruption
https://notcve.org/view.php?id=CVE-2006-3637
08 Aug 2006 — Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle various HTML layout component combinations, which allows user-assisted remote attackers to execute arbitrary code via a crafted HTML file that leads to memory corruption, aka "HTML Rendering Memory Corruption Vulnerability." Microsoft Internet Explorer 5.01 SP4 y 6 no maneja adecuadamente diversas combinaciones de componentes en diseños HTML, lo cual permite a atacantes remotos con la intervención del usuario ejecutar código de su elección ... • https://www.exploit-db.com/exploits/27971 •
CVSS: 8.8EPSS: 64%CPEs: 8EXPL: 0CVE-2006-3638
https://notcve.org/view.php?id=CVE-2006-3638
08 Aug 2006 — Microsoft Internet Explorer 5.01 and 6 does not properly handle uninitialized COM objects, which allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code, as demonstrated by the Nth function in the DirectAnimation.DATuple ActiveX control, aka "COM Object Instantiation Memory Corruption Vulnerability." Microsoft Internet Explorer 5.01 y 6 no maneja adecuadamente objetos COM no inicializados, lo cual permite a atacantes remotos provocar una denegación de ser... • http://secunia.com/advisories/21396 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 63%CPEs: 2EXPL: 0CVE-2006-3450 – Microsoft Internet Explorer CSS Class Ordering Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2006-3450
08 Aug 2006 — Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using the document.getElementByID Javascript function to access crafted Cascading Style Sheet (CSS) elements, and possibly other unspecified vectors involving certain layout positioning combinations in an HTML file. Microsoft Internet Explorer 6 permite a atacantes remotos ejecutar código de su elección usando la función Javascript document.getElementByID para acceder a elementos de Hojas de Estilo en Cascada (CSS) manipulado... • http://secunia.com/advisories/21396 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 64%CPEs: 2EXPL: 0CVE-2006-3451 – Microsoft Internet Explorer Multiple CSS Imports Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2006-3451
08 Aug 2006 — Microsoft Internet Explorer 5 SP4 and 6 do not properly garbage collect when "multiple imports are used on a styleSheets collection" to construct a chain of Cascading Style Sheets (CSS), which allows remote attackers to execute arbitrary code via unspecified vectors. Microsoft Internet Explorer 5 SP4 y 6 no recogen adecuadamente la basura cuando "se utilizan múltiples importaciones en una colección de hojas de estilo" para construir una cadena de Hojas de Estilo en Cascada (CSS), lo cual permite a atacantes... • http://secunia.com/advisories/21396 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 38%CPEs: 1EXPL: 3CVE-2006-3943 – Microsoft Internet Explorer 6 - NDFXArtEffects Stack Overflow
https://notcve.org/view.php?id=CVE-2006-3943
31 Jul 2006 — Stack-based buffer overflow in NDFXArtEffects in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via long (1) RGBExtraColor, (2) RGBForeColor, and (3) RGBBackColor properties. Desbordamiento de búfer basado en pila en NDFXArtEffects de Microsoft Internet Explorer 6 en Windows XP SP2 permite a atacantes remotos provocar una denegación de servicio (caída) mediante propiedades largas (1) RGBExtraColor, (2) RGBForeColor, y (3) RGBBackColor. • https://www.exploit-db.com/exploits/28286 •
CVSS: 6.5EPSS: 43%CPEs: 1EXPL: 2CVE-2006-3944 – Microsoft Internet Explorer 6 - Multiple Object ListWidth Property Denial of Service Vulnerabilities
https://notcve.org/view.php?id=CVE-2006-3944
31 Jul 2006 — Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via a (1) Forms.ListBox.1 or (2) Forms.ListBox.1 object with the ListWidth property set to (a) 0x7fffffff, which triggers an integer overflow exception, or to (b) 0x7ffffffe, which triggers a null dereference. Microsoft Internet Explorer 6 en Windows XP SP2 permite a atacantes remotos provocar una denegación de servicio (caída) mediante un objeto (1) Forms.ListBox.1 o (2) Forms.ListBox.1 con la propi... • https://www.exploit-db.com/exploits/28258 •
CVSS: 7.5EPSS: 43%CPEs: 1EXPL: 3CVE-2006-3910 – Microsoft Internet Explorer 6 - OVCtl Denial of Service
https://notcve.org/view.php?id=CVE-2006-3910
28 Jul 2006 — Internet Explorer 6 on Windows XP SP2, when Outlook is installed, allows remote attackers to cause a denial of service (crash) by calling the NewDefaultItem function of an OVCtl (OVCtl.OVCtl.1) ActiveX object, which triggers a null dereference. Internet Explorer 6 sobre Windows XP SP2, cuando Outlook está instalado, permite a atacantes remotos provocar denegación de servicio (caida) a través de llamadas a la función NewDefaultItem de un objeto OVCtl (OVCtl.OVCtl.1) ActiveXm lo cual dispara una dereferencia ... • https://www.exploit-db.com/exploits/28246 •