CVE-2006-6659 – Microsoft Office Outlook Recipient Control - 'ole32.dll' Denial of Service
https://notcve.org/view.php?id=CVE-2006-6659
The Microsoft Office Outlook Recipient ActiveX control (ole32.dll) in Windows XP SP2 allows remote attackers to cause a denial of service (Internet Explorer 7 hang) via crafted HTML. El control ActiveX Recipient de Microsoft Office Outlook (ole32.dll) en Windows XP SP2 permite a atacantes remotos provocar una denegación de servicio (cuelgue de Internet Explorer 7) mediante una HTML artesanal. • https://www.exploit-db.com/exploits/2946 https://www.exploit-db.com/exploits/29295 http://securitytracker.com/id?1017397 http://shinnai.altervista.org/viewtopic.php?id=41&t_id=8 http://www.securityfocus.com/bid/21649 •
CVE-2006-5913
https://notcve.org/view.php?id=CVE-2006-5913
Microsoft Internet Explorer 7 allows remote attackers to (1) cause a security certificate from a secure web site to appear invalid via a link to res://ieframe.dll/sslnavcancel.htm with the target site in the anchor identifier, which displays the site's URL in the address bar but causes Internet Explorer to report that the certificate is invalid, or (2) trigger a "The webpage no longer exists" report via a link to res://ieframe.dll/http_410.htm, a variant of CVE-2006-5805. Microsoft Internet Explorer 7 permite a un atacante remoto a (1) provocar un certificado de seguridad desde un sitio web seguro aparece inválido a través de un enlace a res://ieframe.dll/sslnavcancel.htm con el sitio objetivo en el identificador anchor, que exhibe el URL del sitio en la barra de dirección pero el Internet Explorer informa que el certificado es inválido, o (2) dispara “la página Web no existe” a través de un enlace a res://ieframe.dll/http_410.htm, una variante de CVE-2006-5805. • http://www.blogger.com/comment.g?blogID=15069726&postID=116257593427394541 http://www.securityfocus.com/archive/1/450825/100/0/threaded •
CVE-2006-5805
https://notcve.org/view.php?id=CVE-2006-5805
Microsoft Internet Explorer 7 allows remote attackers to cause a security certificate from a secure web site to appear invalid via a link to res://ieframe.dll/invalidcert.htm with the target site as an argument, which displays the site's URL in the address bar but causes Internet Explorer to report that the certificate is invalid. Microsoft Internet Explorer 7 permite a atacantes remotos provocar que un certificado de seguridad de una página segura, aparezca como inválido mediante un enlace a res://ieframe.dll/invalidcert.htm con el sitio objetivo como argumento, lo que muestra la URL del sitio en la barra de direcciones y hace que el Internet Explorer informe de que el certificado no es válido. • http://ingehenriksen.blogspot.com/2006/11/ie7-website-security-certificate.html http://securitytracker.com/id?1017165 http://www.securityfocus.com/archive/1/450722/100/0/threaded •
CVE-2006-5544
https://notcve.org/view.php?id=CVE-2006-5544
Visual truncation vulnerability in Microsoft Internet Explorer 7 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a malicious URL containing non-breaking spaces (%A0), which causes the address bar to omit some characters from the URL. Vulnerabilidad de truncamiento visual en Microsoft Internet Explorer 7 permite a atacantes remotos suplantar la barra de direcciones y posiblemente conducir ataques de phising mediante una URL maliciosa que contiene espacios non-breaking (%A0), y que causa que la barra de direcciones omita algunos caracteres de la URL. • http://blogs.technet.com/msrc/archive/2006/10/26/ie-address-bar-issue.aspx http://secunia.com/advisories/22542 http://secunia.com/internet_explorer_7_popup_address_bar_spoofing_test http://securitytracker.com/id?1017122 http://www.kb.cert.org/vuls/id/347188 http://www.osvdb.org/30022 http://www.securityfocus.com/archive/1/449917/100/0/threaded http://www.securityfocus.com/bid/20728 https://exchange.xforce.ibmcloud.com/vulnerabilities/29827 •
CVE-2006-1359 – Microsoft Internet Explorer - HTML Tag Memory Corruption (MS06-013)
https://notcve.org/view.php?id=CVE-2006-1359
Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer. • https://www.exploit-db.com/exploits/1838 https://www.exploit-db.com/exploits/1628 https://www.exploit-db.com/exploits/1606 https://www.exploit-db.com/exploits/1620 https://www.exploit-db.com/exploits/16578 http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1427.html http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1430.html http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1434.html http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1662. • CWE-94: Improper Control of Generation of Code ('Code Injection') •