CVE-2009-1530 – Microsoft Internet Explorer Event Handler Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2009-1530
Use-after-free vulnerability in Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code by repeatedly adding HTML document nodes and calling event handlers, which triggers an access of an object that (1) was not properly initialized or (2) is deleted, aka "HTML Objects Memory Corruption Vulnerability."
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists when repeatedly calling event handlers after adding nodes of an HTML document. When a specially crafted webpage is repeatedly rendered, memory is improperly reused after it has been freed.
• http://osvdb.org/54949
• http://www.securityfocus.com/archive/1/504209/100/0/threaded
• http://www.securitytracker.com/id?1022350
• http://www.us-cert.gov/cas/techalerts/TA09-160A.html
• http://www.vupen.com/english/advisories/2009/1538
• http://www.zerodayinitiative.com/advisories/ZDI-09-038
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-019
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6294
• CWE-399: Resource Management Errors
CVE-2007-0065
https://notcve.org/view.php?id=CVE-2007-0065
Heap-based buffer overflow in Object Linking and Embedding (OLE) Automation in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, Office 2004 for Mac, and Visual Basic 6.0 SP6 allows remote attackers to execute arbitrary code via a crafted script request.
• http://marc.info/?l=bugtraq&m=120361015026386&w=2
• http://secunia.com/advisories/28902
• http://www.securityfocus.com/bid/27661
• http://www.securitytracker.com/id?1019373
• http://www.us-cert.gov/cas/techalerts/TA08-043C.html
• http://www.vupen.com/english/advisories/2008/0510/references
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-008
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5388
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2007-5355
https://notcve.org/view.php?id=CVE-2007-5355
The Web Proxy Auto-Discovery (WPAD) feature in Microsoft Internet Explorer 6 and 7, when a primary DNS suffix with three or more components is configured, resolves an unqualified wpad hostname in a second-level domain outside this configured DNS domain, which allows remote WPAD servers to conduct man-in-the-middle (MITM) attacks.
• http://secunia.com/advisories/27901
• http://support.microsoft.com/kb/945713
• http://www.microsoft.com/technet/security/advisory/945713.mspx
• http://www.securityfocus.com/bid/26686
• http://www.securitytracker.com/id?1019033
• http://www.vupen.com/english/advisories/2007/4064
CVE-2007-2227
https://notcve.org/view.php?id=CVE-2007-2227
The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition "notifications," which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "Content Disposition Parsing Cross Domain Information Disclosure Vulnerability."
• http://archive.openmya.devnull.jp/2007.06/msg00060.html
• http://openmya.hacker.jp/hasegawa/security/ms07-034.txt
• http://osvdb.org/35346
• http://secunia.com/advisories/25639
• http://www.securityfocus.com/archive/1/471947/100/0/threaded
• http://www.securityfocus.com/archive/1/472002/100/0/threaded
• http://www.securityfocus.com/bid/24410
• http://www.securitytracker.com/id?1018233
• http://www.securitytracker.com/id?1018234
• http://www.us-cert.gov/cas/techalerts/TA07-163A.html
• http
CVE-2007-2225
https://notcve.org/view.php?id=CVE-2007-2225
A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "URL Parsing Cross Domain Information Disclosure Vulnerability."
• http://archive.openmya.devnull.jp/2007.06/msg00060.html
• http://openmya.hacker.jp/hasegawa/security/ms07-034.txt
• http://osvdb.org/35345
• http://secunia.com/advisories/25639
• http://www.kb.cert.org/vuls/id/682825
• http://www.securityfocus.com/archive/1/471947/100/0/threaded
• http://www.securityfocus.com/archive/1/472002/100/0/threaded
• http://www.securityfocus.com/bid/24392
• http://www.securitytracker.com/id?1018231
• http://www.securitytracker.com/id?1018232
• http://www