Page 5 of 135 results (0.015 seconds)

CVSS: 9.3EPSS: 86%CPEs: 25EXPL: 0

Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and possibly 7 on Windows Vista does not properly "instantiate certain COM objects as ActiveX controls," which allows remote attackers to execute arbitrary code via a crafted COM object from chtskdic.dll. Microsoft Internet Explorer versión 5.01 SP4 en Windows 2000 SP4; versión 6 SP1 en Windows 2000 SP4; versiones 6 y 7 en Windows XP SP2, o Windows Server 2003 SP1 o SP2; y posiblemente versión 7 en Windows Vista "instantiate certain COM objects as ActiveX controls" inapropiadamente, que permite a los atacantes remotos ejecutar código arbitrario por medio de un objeto COM creado de la biblioteca chtskdic.dll. • http://secunia.com/advisories/23769 http://www.osvdb.org/34399 http://www.securityfocus.com/archive/1/468871/100/200/threaded http://www.securitytracker.com/id?1018019 http://www.us-cert.gov/cas/techalerts/TA07-128A.html http://www.vupen.com/english/advisories/2007/1712 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-027 https://exchange.xforce.ibmcloud.com/vulnerabilities/33252 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval •

CVSS: 9.3EPSS: 94%CPEs: 10EXPL: 0

Unspecified vulnerability in the CTableCol::OnPropertyChange method in Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; and 6 on Windows XP SP2, or Windows Server 2003 SP1 or SP2 allows remote attackers to execute arbitrary code by calling deleteCell on a named table row in a named table column, then accessing the column, which causes Internet Explorer to access previously deleted objects, aka the "Uninitialized Memory Corruption Vulnerability." Vulnerabilidad no especificada en el método CTableCol::OnPropertyChange de Microsoft Internet Explorer 5.01 SP4 en Windows 2000 SP4; 6 SP1 en Windows 2000 SP4; y 6 en Windows XP SP2, o Windows Server 2003 SP1 o SP2 permite a atacantes remotos ejecutar código de su elección llamando a deleteCell en una fila de tabla con nombre, y después accediendo a la columna, lo cual provoca que Internet Explorer acceda a objetos previamente borrados, también conocida como "Vulnerabilidad de Corrupción de Memoria No Inicializada". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the CTableCol::OnPropertyChange() method. When a named table row in HTML contains a named table column, then calls the deleteCell() JavaScript method, any property of the table column, existing or not, accessed after the deletion takes place will trigger an exploitable memory corruption. • http://secunia.com/advisories/23769 http://www.osvdb.org/34400 http://www.securityfocus.com/archive/1/467989/100/0/threaded http://www.securityfocus.com/archive/1/468871/100/200/threaded http://www.securityfocus.com/bid/23771 http://www.securitytracker.com/id?1018019 http://www.us-cert.gov/cas/techalerts/TA07-128A.html http://www.vupen.com/english/advisories/2007/1712 http://www.zerodayinitiative.com/advisories/ZDI-07-027.html https://docs.microsoft.com/en-us/securit •

CVSS: 5.0EPSS: 18%CPEs: 41EXPL: 3

Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via an IFRAME with a certain XML file and XSL stylesheet that triggers a crash in mshtml.dll when a refresh is called, probably a null pointer dereference. Microsoft Internet Explorer permite a atacantes remotos provocar denegación de servicio (caida) a través de un IFRAME con ciertos archivos XML y plantillas de estilo XSL que disparan una cauda en mshtml.dll cuando un se llama se solicita un refresco de cotenido, probablemente a un puntero de referencia nula. • https://www.exploit-db.com/exploits/28343 http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0163.html http://www.securityfocus.com/bid/19364 http://www3.ca.com/be/securityadvisor/vulninfo/Vuln.aspx?ID=34511 •

CVSS: 6.8EPSS: 24%CPEs: 4EXPL: 0

Microsoft Internet Explorer 7 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via onUnload Javascript handlers. Microsoft Internet Explorer 7 permite a atacantes remotos impedir a los usuarios dejar un sitio, simular la barra de direcciones y llevar a cabo ataques de tipo phishing u otros mediante un gestor de eventos Javascript onUnload. • http://lcamtuf.coredump.cx/ietrap http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052630.html http://secunia.com/advisories/23014 http://securityreason.com/securityalert/2291 http://securitytracker.com/id?1018788 http://www.securityfocus.com/archive/1/461023/100/0/threaded http://www.securityfocus.com/archive/1/461027/100/0/threaded http://www.securityfocus.com/archive/1/482366/100/0/threaded http://www.securityfocus.com/bid/22680 http://www.us-cert.gov/ca •

CVSS: 5.0EPSS: 54%CPEs: 8EXPL: 0

Microsoft Internet Explorer 6 SP2 and earlier allows remote attackers to cause a denial of service (crash) via certain malformed HTML, possibly involving applet and base tags without required arguments, which triggers a null pointer dereference in mshtml.dll. Microsoft Internet Explorer 6 SP2 y anteriores permite a atacantes remotos provocar denegación de servicio (caida) a través de ciertos HTML malformados, posiblemente afectando a etiquetas base y applet sin argumentos requeridos, lo cual dispara un puntero nulo no referenciado en mshtml.dll. • http://securityreason.com/securityalert/2286 http://www.securityfocus.com/archive/1/435095/30/4710/threaded http://www.securityfocus.com/archive/1/435129/30/4710/threaded http://www.securityfocus.com/bid/18112 https://exchange.xforce.ibmcloud.com/vulnerabilities/26808 •