CVSS: 9.8EPSS: 95%CPEs: 1EXPL: 3CVE-2006-4777 – Microsoft Internet Explorer - COM Object Remote Heap Overflow
https://notcve.org/view.php?id=CVE-2006-4777
14 Sep 2006 — Heap-based buffer overflow in the DirectAnimation Path Control (DirectAnimation.PathControl) COM object (daxctle.ocx) for Internet Explorer 6.0 SP1, on Chinese and possibly other Windows distributions, allows remote attackers to execute arbitrary code via unknown manipulations in arguments to the KeyFrame method, possibly related to an integer overflow, as demonstrated by daxctle2, and a different vulnerability than CVE-2006-4446. Desbordamiento de búfer basado en montón en el DirectAnimation Path Control (... • https://www.exploit-db.com/exploits/2358 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 7%CPEs: 10EXPL: 0CVE-2006-3873
https://notcve.org/view.php?id=CVE-2006-3873
12 Sep 2006 — Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060912, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL in a GZIP-encoded website that was the target of an HTTP redirect, due to an incomplete fix for CVE-2006-3869. Desbordamiento de búfer basado en montón en URLMON.DLL en Microsoft Internet Explorer 6 SP1 sobre Windows 2000 y XP SP1, con versiones del parc... • http://research.eeye.com/html/advisories/published/AD20060912.html •
CVSS: 7.5EPSS: 8%CPEs: 1EXPL: 1CVE-2006-4560
https://notcve.org/view.php?id=CVE-2006-4560
06 Sep 2006 — Internet Explorer 6 on Windows XP SP2 allows remote attackers to execute arbitrary JavaScript in the context of the browser's session with an arbitrary intranet web server, by hosting script on an Internet web server that can be made inaccessible by the attacker and that has a domain name under the attacker's control, which can force the browser to drop DNS pinning and perform a new DNS query for the domain name after the script is already running. Internet Explorer 6 sobre Windows XP SP2 permite a un ataca... • http://polyboy.net/xss/dnsslurp.html •
CVSS: 7.8EPSS: 95%CPEs: 21EXPL: 1CVE-2006-4495 – Microsoft Windows Server 2000 - Multiple COM Object Instantiation Code Execution Vulnerabilities
https://notcve.org/view.php?id=CVE-2006-4495
31 Aug 2006 — Microsoft Internet Explorer allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Windows 2000 ActiveX COM Objects including (1) ciodm.dll, (2) myinfo.dll, (3) msdxm.ocx, and (4) creator.dll. Microsoft Internet Explorer permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria) y posiblemente ejecutar código de su elección instanciando ciertos objetos Windows 2000 ActiveX COM incluyendo (1) ciodm.dll... • https://www.exploit-db.com/exploits/28420 •
CVSS: 8.8EPSS: 94%CPEs: 1EXPL: 2CVE-2006-4446 – Microsoft Internet Explorer 5.0.1 - Daxctle.OCX Spline Method Heap Buffer Overflow
https://notcve.org/view.php?id=CVE-2006-4446
30 Aug 2006 — Heap-based buffer overflow in DirectAnimation.PathControl COM object (daxctle.ocx) in Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a Spline function call whose first argument specifies a large number of points. Desbordamiento de búfer basado en montículo en el objeto COM DirectAnimation.PathControl (daxctle.ocx) en Microsoft Internet Explorer 6.0 SP1 permite a atacantes remotos provocar una denegación de servicio y posibleme... • https://www.exploit-db.com/exploits/28438 •
CVSS: 8.8EPSS: 75%CPEs: 1EXPL: 0CVE-2006-3869
https://notcve.org/view.php?id=CVE-2006-3869
23 Aug 2006 — Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060824, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL on a website that uses HTTP 1.1 compression. Desbordamiento de búfer basado en montón en URLMON.DLL en Microsoft Internet Explorer 6 SP1 en Windows 2000 y XP SP1, con versiones del parche MS06-042 anteriores al 24/08/2006, permite a atacantes remotos pro... • http://secunia.com/advisories/21557 •
CVSS: 6.5EPSS: 11%CPEs: 1EXPL: 4CVE-2006-4301 – Microsoft Internet Explorer 6 - DirectX Media Remote Overflow Denial of Service
https://notcve.org/view.php?id=CVE-2006-4301
23 Aug 2006 — Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (crash) via a long Color attribute in multiple DirectX Media Image DirectX Transforms ActiveX COM Objects from (a) dxtmsft.dll and (b) dxtmsft3.dll, including (1) DXImageTransform.Microsoft.MaskFilter.1, (2) DXImageTransform.Microsoft.Chroma.1, and (3) DX3DTransform.Microsoft.Shapes.1. Microsoft Internet Explorer 6.0 SP1 permite a atacantes remotos provocar una denegación de servicio (caída) a través de un atributo Colo... • https://www.exploit-db.com/exploits/4251 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 93%CPEs: 1EXPL: 3CVE-2006-4219 – Microsoft Internet Explorer 6 - 'TSUserEX.dll' ActiveX Control Memory Corruption
https://notcve.org/view.php?id=CVE-2006-4219
18 Aug 2006 — The Terminal Services COM object (tsuserex.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by instantiating it as an ActiveX object in Internet Explorer 6.0 SP1 on Microsoft Windows 2003 EE SP1 CN. El objeto COM de Servicios de Terminal (tsuserex.dll) permite a atacantes remotos provocar unad enegación de servicio (caída) y posiblemente ejecutar código de su elección instanciándolo como un objeto ActiveX en Internet Explorer 6.0 SP1 en Microsoft Windows ... • https://www.exploit-db.com/exploits/28400 •
CVSS: 7.8EPSS: 9%CPEs: 3EXPL: 8CVE-2006-4193 – Microsoft Internet Explorer 6 - 'IMSKDIC.dll' Denial of Service
https://notcve.org/view.php?id=CVE-2006-4193
17 Aug 2006 — Microsoft Internet Explorer 6.0 SP1 and possibly other versions allows remote attackers to cause a denial of service and possibly execute arbitrary code by instantiating COM objects as ActiveX controls, including (1) imskdic.dll (Microsoft IME), (2) chtskdic.dll (Microsoft IME), and (3) msoe.dll (Outlook), which leads to memory corruption. NOTE: it is not certain whether the issue is in Internet Explorer or the individual DLL files. Microsoft Internet Explorer 6.0 SP1 y posiblemente otras versiones permite ... • https://www.exploit-db.com/exploits/28387 •
CVSS: 6.0EPSS: 0%CPEs: 2EXPL: 0CVE-2006-3643
https://notcve.org/view.php?id=CVE-2006-3643
09 Aug 2006 — Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and 6 in Microsoft Windows 2000 SP4 permits access to local "HTML-embedded resource files" in the Microsoft Management Console (MMC) library, which allows remote authenticated users to execute arbitrary commands, aka "MMC Redirect Cross-Site Scripting Vulnerability." Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Internet Explorer 5.01 y 6 en Microsoft Windows 2000 SP4 permite acceso a "ficheros de recursos HTML-embedde... • http://secunia.com/advisories/21401 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •