CVSS: 7.5EPSS: 93%CPEs: 1EXPL: 2CVE-2006-0544 – Microsoft Internet Explorer 7.0 Beta 2 - 'urlmon.dll' Denial of Service
https://notcve.org/view.php?id=CVE-2006-0544
urlmon.dll in Microsoft Internet Explorer 7.0 beta 2 (aka 7.0.5296.0) allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a BGSOUND element with its SRC attribute set to "file://" followed by a large number of "-" (dash of hyphen) characters. • https://www.exploit-db.com/exploits/1475 http://www.security-protocols.com/advisory/sp-x23-advisory.txt http://www.securityfocus.com/bid/16463 •
CVSS: 7.5EPSS: 56%CPEs: 18EXPL: 1CVE-2004-1155
https://notcve.org/view.php?id=CVE-2004-1155
Internet Explorer 5.01 through 6 allows remote attackers to spoof arbitrary web sites by injecting content from one window into another window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. NOTE: later research shows that Internet Explorer 7 on Windows XP SP2 is also vulnerable. • http://secunia.com/advisories/13251 http://secunia.com/advisories/22628 http://secunia.com/multiple_browsers_window_injection_vulnerability_test http://secunia.com/secunia_research/2004-13/advisory http://www.securityfocus.com/archive/1/449917/100/0/threaded http://www.securityfocus.com/bid/11855 •