CVSS: 9.3 | EPSS: 82% | CPEs: 5 | EXPL: 0

Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory in certain conditions, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to a document object "appended in a specific order," aka "HTML Objects Memory Corruption Vulnerability" or "XHTML Rendering Memory Corruption Vulnerability," a different vulnerability than CVE-2008-2258.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the handling of document objects. When an object is appended in a specific order, memory corruption occurs.

• http://marc.info/?l=bugtraq&m=121915960406986&w=2
• http://secunia.com/advisories/31375
• http://www.securityfocus.com/archive/1/495430/100/0/threaded
• http://www.securityfocus.com/bid/30613
• http://www.securitytracker.com/id?1020674
• http://www.us-cert.gov/cas/techalerts/TA08-225A.html
• http://www.vupen.com/english/advisories/2008/2349
• http://www.zerodayinitiative.com/advisories/ZDI-08-050
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-045
• https:/
• CWE-399: Resource Management Errors

CVSS: 6.8 | EPSS: 3% | CPEs: 2 | EXPL: 1

Cross-domain vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to change the location property of a frame via the String data type, and use a frame from a different domain to observe domain-independent events, as demonstrated by observing onkeydown events with caballero-listener. NOTE: according to Microsoft, this is a duplicate of CVE-2008-2947, possibly a different attack vector.

• https://www.exploit-db.com/exploits/31996
• http://blogs.zdnet.com/security/?p=1348
• http://sirdarckcat.blogspot.com/2008/05/browsers-ghost-busters.html
• http://technet.microsoft.com/en-us/security/cc405107.aspx#EHD
• http://www.kb.cert.org/vuls/id/516627
• http://www.vupen.com/english/advisories/2008/1941/references

CVSS: 6.8 | EPSS: 95% | CPEs: 3 | EXPL: 1

Cross-domain vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 7 allows remote attackers to access restricted information from other domains via JavaScript that uses the Object data type for the value of a (1) location or (2) location.href property, related to incorrect determination of the origin of web script, aka "Window Location Property Cross-Domain Vulnerability." NOTE: according to Microsoft, CVE-2008-2948 and CVE-2008-2949 are duplicates of this issue, probably different attack vectors.

• http://blogs.zdnet.com/security/?p=1348
• http://marc.info/?l=bugtraq&m=122479227205998&w=2
• http://secunia.com/advisories/30857
• http://www.kb.cert.org/vuls/id/923508
• http://www.ph4nt0m.org-a.googlepages.com/PSTZine_0x02_0x04.txt
• http://www.securityfocus.com/bid/29960
• http://www.securitytracker.com/id?1020382
• http://www.us-cert.gov/cas/techalerts/TA08-288A.html
• http://www.vupen.com/english/advisories/2008/1940/references
• http://www.vupen.com/english/advisories/
• CWE-284: Improper Access Control

CVSS: 9.3 | EPSS: 75% | CPEs: 2 | EXPL: 0

Heap-based buffer overflow in the substringData method in Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code, related to an unspecified manipulation of a DOM object before a call to this method, aka the "HTML Objects Memory Corruption Vulnerability."

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of various Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the substringData() method when called on a DOM object that has been manipulated in a special way. The attack results in an exploitable heap buffer allowing for code execution under the context of the current user.

• http://marc.info/?l=bugtraq&m=121380194923597&w=2
• http://secunia.com/advisories/30575
• http://securityreason.com/securityalert/3934
• http://securitytracker.com/id?1020225
• http://www.securityfocus.com/archive/1/493253/100/0/threaded
• http://www.securityfocus.com/bid/29556
• http://www.us-cert.gov/cas/techalerts/TA08-162B.html
• http://www.vupen.com/english/advisories/2008/1778
• http://www.zerodayinitiative.com/advisories/ZDI-08-039
• https://docs.microsoft.com/en-us/security-updates
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 9.3 | EPSS: 95% | CPEs: 3 | EXPL: 2

Cross-zone scripting vulnerability in the Print Table of Links feature in Internet Explorer 6.0, 7.0, and 8.0b allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via an HTML document with a link containing JavaScript sequences, which are evaluated by a resource script when a user prints this document.

• https://www.exploit-db.com/exploits/5619
• http://aviv.raffon.net/2008/05/14/InternetExplorerQuotPrintTableOfLinksquotCrossZoneScriptingVulnerability.aspx
• http://secunia.com/advisories/30141
• http://www.securityfocus.com/bid/29217
• http://www.vupen.com/english/advisories/2008/1529/references
• https://exchange.xforce.ibmcloud.com/vulnerabilities/42416