Page 64 of 366 results (0.035 seconds)

CVSS: 9.3EPSS: 94%CPEs: 46EXPL: 0

CVE-2009-1529 – Microsoft Internet Explorer setCapture Memory Corruption Vulnerability

https://notcve.org/view.php?id=CVE-2009-1529

Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by calling the setCapture method on a collection of crafted objects, aka "Uninitialized Memory Corruption Vulnerability." Microsoft Internet Explorer 7 para Windows XP SP2 y SP3; 7 para Server 2003 SP2; 7 para Vista Gold, SP1 y SP2; y 7 para Server 2008 SP2, no maneja apropiadamente los objetos en la memoria, lo que permite a los atacantes remotos ejecutar código arbitrario llamando al método setCapture en una colección de objetos creados, también se conoce como "Uninitialized Memory Corruption Vulnerability". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific vulnerability exists when calling the setCapture method on a range of objects. When setCapture is called on a collection of specially crafted objects memory becomes corrupted. • http://osvdb.org/54948 http://www.securityfocus.com/archive/1/504205/100/0/threaded http://www.securityfocus.com/bid/35223 http://www.securitytracker.com/id?1022350 http://www.us-cert.gov/cas/techalerts/TA09-160A.html http://www.vupen.com/english/advisories/2009/1538 http://www.zerodayinitiative.com/advisories/ZDI-09-036 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-019 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval • CWE-399: Resource Management Errors •

CVSS: 4.3EPSS: 1%CPEs: 4EXPL: 1

CVE-2009-1335 – Microsoft Internet Explorer 8 - File Download Denial of Service

https://notcve.org/view.php?id=CVE-2009-1335

Microsoft Internet Explorer 7 and 8 on Windows XP and Vista allows remote attackers to cause a denial of service (application hang) via a large document composed of unprintable characters, aka MSRC 9011jr. Microsoft Internet Explorer 7 y 8 en Windows XP y Vista permiten a atacantes remotos provocar una denegación de servicio (caída de la aplicación) mediante un documento de gran tamaño formado por caracteres no imprimibles, también conocido como MSRC 9011jr. • https://www.exploit-db.com/exploits/32902 http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0111.html http://www.securityfocus.com/archive/1/502617/100/0/threaded http://www.securityfocus.com/bid/34478 https://exchange.xforce.ibmcloud.com/vulnerabilities/50350 •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

CVE-2008-3358

https://notcve.org/view.php?id=CVE-2008-3358

Cross-site scripting (XSS) vulnerability in Web Dynpro (WD) in the SAP NetWeaver portal, when Internet Explorer 7.0.5730 is used, allows remote attackers to inject arbitrary web script or HTML via a crafted URI, which causes the XSS payload to be reflected in a text/plain document. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el Web Dynpro (WD) en el portal SAP NetWeaver, cuando se usa con Internet Explorer v7.0.5730, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de una URI manipulada, lo que provoca que la carga XSS sea reflejada en un documento de texto plano. • http://osvdb.org/51627 http://secunia.com/advisories/33685 http://service.sap.com/sap/support/notes/1235253 http://www.csnc.ch/misc/files/advisories/CVE-2008-3358.txt http://www.securityfocus.com/archive/1/500415/100/0/threaded http://www.securityfocus.com/bid/33465 http://www.securitytracker.com/id?1021638 http://www.vupen.com/english/advisories/2009/0255 https://exchange.xforce.ibmcloud.com/vulnerabilities/48237 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 1%CPEs: 6EXPL: 1

CVE-2009-0072 – Microsoft Internet Explorer Javascript Denial Of Service

https://notcve.org/view.php?id=CVE-2009-0072

Microsoft Internet Explorer 6.0 through 8.0 beta2 allows remote attackers to cause a denial of service (application crash) via an onload=screen[""] attribute value in a BODY element. Microsoft Internet Explorer 6.0 hasta 8.0 beta2 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través del valor del atributo onload=screen[""] en un elemento "BODY". • http://skypher.com/index.php/2009/01/07/msie-screen-null-ptr-dos-details http://www.securityfocus.com/bid/33149 https://exchange.xforce.ibmcloud.com/vulnerabilities/47788 •

CVSS: 9.3EPSS: 96%CPEs: 28EXPL: 0

CVE-2008-3475 – Microsoft Internet Explorer componentFromPoint Memory Corruption Vulnerability

https://notcve.org/view.php?id=CVE-2008-3475

Microsoft Internet Explorer 6 does not properly handle errors related to using the componentFromPoint method on xml objects that have been (1) incorrectly initialized or (2) deleted, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Uninitialized Memory Corruption Vulnerability." Microsoft Internet Explorer 6 no maneja adecuadamente errores asociados con accesos a un objeto que ha sido (1) inicializado incorrectamente o (2) borrado, lo cual permite a atacantes remotos ejecutar código de su elección a través de un documento HTML manipulado, también conocido como "Vulnerabilidad de Corrupción de Memoria no iniciada". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the componentFromPoint() method exposed through JavaScript. A problem in the implementation of this method for a particular object can be used to arbitrarily control memory access. • http://ifsec.blogspot.com/2008/10/internet-explorer-6-componentfrompoint.html http://marc.info/?l=bugtraq&m=122479227205998&w=2 http://www.securityfocus.com/archive/1/497380/100/0/threaded http://www.securityfocus.com/bid/31617 http://www.securitytracker.com/id?1021047 http://www.us-cert.gov/cas/techalerts/TA08-288A.html http://www.vupen.com/english/advisories/2008/2809 http://www.zerodayinitiative.com/advisories/ZDI-08-069 https://docs.microsoft.com/en-us/security-updates/ • CWE-908: Use of Uninitialized Resource •