Page 64 of 320 results (0.011 seconds)

CVSS: 4.3EPSS: 1%CPEs: 6EXPL: 1

Microsoft Internet Explorer 6.0 through 8.0 beta2 allows remote attackers to cause a denial of service (application crash) via an onload=screen[""] attribute value in a BODY element. Microsoft Internet Explorer 6.0 hasta 8.0 beta2 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través del valor del atributo onload=screen[""] en un elemento "BODY". • http://skypher.com/index.php/2009/01/07/msie-screen-null-ptr-dos-details http://www.securityfocus.com/bid/33149 https://exchange.xforce.ibmcloud.com/vulnerabilities/47788 •

CVSS: 4.3EPSS: 4%CPEs: 3EXPL: 0

Mshtml.dll in Microsoft Internet Explorer 7 Gold 7.0.5730 and 8 Beta 8.0.6001 on Windows XP SP2 allows remote attackers to cause a denial of service (failure of subsequent image rendering) via a crafted PNG file, related to an infinite loop in the CDwnTaskExec::ThreadExec function. Mshtml.dll en Microsoft Internet Explorer 7 Gold 7.0.5730 y 8 Beta 8.0.6001 en Windows XP SP2 que permite a los atacantes remotos causar una denegación de servicios (fallo en rendererizado posterior de la imagen) a través de un fichero PNG manipulado, en relación a un bucle infinito en la función CDwnTaskExec::ThreadExec. • http://securityreason.com/securityalert/4273 http://www.securityfocus.com/archive/1/496483/100/0/threaded http://www.securityfocus.com/bid/31215 https://exchange.xforce.ibmcloud.com/vulnerabilities/45225 • CWE-399: Resource Management Errors •

CVSS: 6.8EPSS: 8%CPEs: 2EXPL: 1

Cross-domain vulnerability in Microsoft Internet Explorer 7 and 8 allows remote attackers to change the location property of a frame via the Object data type, and use a frame from a different domain to observe domain-independent events, as demonstrated by observing onkeydown events with caballero-listener. NOTE: according to Microsoft, this is a duplicate of CVE-2008-2947, possibly a different attack vector. Una vulnerabilidad de tipo cross-domain en Microsoft Internet Explorer versiones 7 y 8, permite a los atacantes remotos cambiar la propiedad de ubicación de una trama por medio del tipo de dato Object y usar una trama de un dominio diferente para observar eventos independientes del dominio, como se demuestra mediante la observación de eventos onkeydown con caballero-listener. NOTA: según Microsoft, este es un duplicado del CVE-2008-2947, posiblemente un vector de ataque diferente. • https://www.exploit-db.com/exploits/31996 http://blogs.zdnet.com/security/?p=1348 http://secunia.com/advisories/30851 http://sirdarckcat.blogspot.com/2008/05/ghosts-for-ie8-and-ie75730.html http://technet.microsoft.com/en-us/security/cc405107.aspx#EHD http://www.gnucitizen.org/blog/ghost-busters http://www.kb.cert.org/vuls/id/516627 http://www.vupen.com/english/advisories/2008/1941/references •

CVSS: 7.5EPSS: 16%CPEs: 29EXPL: 0

Microsoft Internet Explorer 5.01 through 7 allows remote attackers to spoof the URL address bar and other "trust UI" components via unspecified vectors, a different issue than CVE-2007-1091 and CVE-2007-3826. Microsoft Internet Explorer 5.01 hasta 7 permite a atacantes remotos falsificar la barra de direcciones URL y otras "Interfaces de Usuario de confianza" mediante vectores no especificados, un asunto diferente que CVE-2007-1091 y CVE-2007-3826. • http://secunia.com/advisories/27133 http://securitytracker.com/id?1018788 http://www.securityfocus.com/archive/1/482366/100/0/threaded http://www.securityfocus.com/bid/25915 http://www.us-cert.gov/cas/techalerts/TA07-282A.html http://www.vupen.com/english/advisories/2007/3437 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-057 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2244 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 6.8EPSS: 82%CPEs: 29EXPL: 0

Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via unspecified vectors involving memory corruption from an unhandled error. Vulnerabilidad no especificada en Microsoft Internet Explorer 5.01 hasta 7 permite a atacantes remotos ejecutar código de su elección mediante vectores no especificados que implican corrupción de memoria debido a un error no controlado. • http://secunia.com/advisories/23469 http://securitytracker.com/id?1018788 http://www.securityfocus.com/archive/1/482366/100/0/threaded http://www.securityfocus.com/bid/25916 http://www.us-cert.gov/cas/techalerts/TA07-282A.html http://www.vupen.com/english/advisories/2007/3437 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-057 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2284 • CWE-399: Resource Management Errors •