Page 5 of 25 results (0.011 seconds)

CVSS: 7.5EPSS: 94%CPEs: 23EXPL: 1

Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via HTML elements with a certain crafted tag, which leads to memory corruption. • https://www.exploit-db.com/exploits/1838 http://secunia.com/advisories/18957 http://securitytracker.com/id?1015900 http://www.kb.cert.org/vuls/id/824324 http://www.securityfocus.com/archive/1/435096/30/4710/threaded http://www.us-cert.gov/cas/techalerts/TA06-101A.html http://www.vupen.com/english/advisories/2006/1318 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval& •

CVSS: 10.0EPSS: 95%CPEs: 21EXPL: 1

Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via by instantiating the (1) Mdt2gddr.dll, (2) Mdt2dd.dll, and (3) Mdt2gddo.dll COM objects as ActiveX controls, which leads to memory corruption. • https://www.exploit-db.com/exploits/1838 http://secunia.com/advisories/18957 http://securitytracker.com/id?1015900 http://www.kb.cert.org/vuls/id/959049 http://www.securityfocus.com/bid/17453 http://www.us-cert.gov/cas/techalerts/TA06-101A.html http://www.vupen.com/english/advisories/2006/1318 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013 https://exchange.xforce.ibmcloud.com/vulnerabilities/25545 https://oval.cisecurity.org/repository/search& •

CVSS: 5.0EPSS: 96%CPEs: 11EXPL: 1

Internet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, as demonstrated using the JVIEW Profiler (Javaprxy.dll). NOTE: the researcher says that the vendor could not reproduce this problem. • https://www.exploit-db.com/exploits/1079 http://marc.info/?l=bugtraq&m=112006764714946&w=2 http://secunia.com/advisories/15891 http://securitytracker.com/id?1014329 http://www.auscert.org.au/render.html?it=5225 http://www.kb.cert.org/vuls/id/939605 http://www.kb.cert.org/vuls/id/959049 http://www.microsoft.com/technet/security/advisory/903144.mspx http://www.osvdb.org/17680 http://www.securityfocus.com/archive/1/404055 http://www.securityfocus.com/bid/ • CWE-399: Resource Management Errors •

CVSS: 7.5EPSS: 56%CPEs: 18EXPL: 1

Internet Explorer 5.01 through 6 allows remote attackers to spoof arbitrary web sites by injecting content from one window into another window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. NOTE: later research shows that Internet Explorer 7 on Windows XP SP2 is also vulnerable. • http://secunia.com/advisories/13251 http://secunia.com/advisories/22628 http://secunia.com/multiple_browsers_window_injection_vulnerability_test http://secunia.com/secunia_research/2004-13/advisory http://www.securityfocus.com/archive/1/449917/100/0/threaded http://www.securityfocus.com/bid/11855 •

CVSS: 7.5EPSS: 4%CPEs: 1EXPL: 0

Internet Explorer 6 and earlier allows remote attackers to cause certain HTTP requests to be automatically executed and appear to come from the user, which could allow attackers to gain privileges or execute operations within web-based services, aka the "HTTP Request Encoding vulnerability." • http://www.osvdb.org/1972 http://www.securityfocus.com/bid/3421 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-051 https://exchange.xforce.ibmcloud.com/vulnerabilities/7259 •