CVSS: 9.3EPSS: 80%CPEs: 19EXPL: 0CVE-2007-1750
https://notcve.org/view.php?id=CVE-2007-1750
Unspecified vulnerability in Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code via a crafted Cascading Style Sheets (CSS) tag that triggers memory corruption. Vulnerabilidad no especificada en Microsoft Internet Explorer 6 permite a atacantes remotos ejecutar código de su elección mediante una etiqueta de Hoja de Estilo en Cascada (CSS) que dispara una corrupción de memoria. • http://osvdb.org/35349 http://secunia.com/advisories/25627 http://securitytracker.com/id?1018235 http://www.securityfocus.com/archive/1/471947/100/0/threaded http://www.securityfocus.com/bid/24423 http://www.us-cert.gov/cas/techalerts/TA07-163A.html http://www.vupen.com/english/advisories/2007/2153 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033 https://exchange.xforce.ibmcloud.com/vulnerabilities/34619 https://oval.cisecurity.org/repository/sear •
CVSS: 9.3EPSS: 83%CPEs: 19EXPL: 0CVE-2007-0218
https://notcve.org/view.php?id=CVE-2007-0218
Microsoft Internet Explorer 5.01 and 6 allows remote attackers to execute arbitrary code by instantiating certain COM objects from Urlmon.dll, which triggers memory corruption during a call to the IObjectSafety function. Microsoft Internet Explorer versiones 5.01 y 6 permite a los atacantes remotos ejecutar código arbitrario mediante peticiones de determinados objetos COM desde la biblioteca Urlmon.dll, lo que desencadena corrupción de memoria durante una llamada a la función IObjectSafety. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=542 http://osvdb.org/35348 http://secunia.com/advisories/25627 http://securitytracker.com/id?1018235 http://www.securityfocus.com/archive/1/471947/100/0/threaded http://www.securityfocus.com/bid/24372 http://www.us-cert.gov/cas/techalerts/TA07-163A.html http://www.vupen.com/english/advisories/2007/2153 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033 https://exchange.xforce.ib • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 81%CPEs: 19EXPL: 0CVE-2007-3027 – Microsoft Internet Explorer Language Pack Installation Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2007-3027
Race condition in Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to install multiple language packs in a way that triggers memory corruption, aka "Language Pack Installation Vulnerability." Condición de carrera en Microsoft Internet Explorer 5.01, 6, y 7 permite a atacantes remotos ejecutar código de su elección provocando que Internet Explorer instale múltiples paquetes de idioma en un modo que dispara una corrupción de memoria, también conocida como "Vulnerabilidad de Instalación de Paquetes de Idioma". This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in routines responsible for the on-demand installation of Internet Explorer language packs. A race condition may occur when a web page contains several pieces of content written in a language not currently supported by any of the installed language packs. • http://osvdb.org/35350 http://secunia.com/advisories/25627 http://securitytracker.com/id?1018235 http://www.securityfocus.com/archive/1/471209/100/0/threaded http://www.securityfocus.com/archive/1/471947/100/0/threaded http://www.securityfocus.com/bid/24429 http://www.us-cert.gov/cas/techalerts/TA07-163A.html http://www.vupen.com/english/advisories/2007/2153 http://www.zerodayinitiative.com/advisories/ZDI-07-037.html https://docs.microsoft.com/en-us/security-updates/ •
CVSS: 9.3EPSS: 96%CPEs: 9EXPL: 0CVE-2007-1751 – Microsoft Internet Explorer Prototype Dereference Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2007-1751
Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to access an uninitialized or deleted object, related to prototype variables and table cells, aka "Uninitialized Memory Corruption Vulnerability." Microsoft Internet Explorer versiones 5.01, 6 y 7 permite a los atacantes remotos ejecutar código arbitrario causando que Internet Explorer acceda a un objeto no inicializado o eliminado, relacionado con variables prototipo y celdas de tabla, también se conoce como "Uninitialized Memory Corruption Vulnerability". This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The flaw is specifically exposed when a prototype variable points to a table cell and then that table cell is removed. This results in an invalid pointer dereference which can be leveraged to result in arbitrary code execution. • http://osvdb.org/35351 http://secunia.com/advisories/25627 http://securitytracker.com/id?1018235 http://www.securityfocus.com/archive/1/471210/100/0/threaded http://www.securityfocus.com/archive/1/471947/100/0/threaded http://www.securityfocus.com/bid/24418 http://www.us-cert.gov/cas/techalerts/TA07-163A.html http://www.vupen.com/english/advisories/2007/2153 http://www.zerodayinitiative.com/advisories/ZDI-07-038.html https://docs.microsoft.com/en-us/security-updates/ • CWE-908: Use of Uninitialized Resource •
CVSS: 7.1EPSS: 96%CPEs: 24EXPL: 0CVE-2007-3091
https://notcve.org/view.php?id=CVE-2007-3091
Race condition in Microsoft Internet Explorer 6 SP1; 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code or perform other actions upon a page transition, with the permissions of the old page and the content of the new page, as demonstrated by setInterval functions that set location.href within a try/catch expression, aka the "bait & switch vulnerability" or "Race Condition Cross-Domain Information Disclosure Vulnerability." Una condición de carrera en Microsoft Internet Explorer versión 6 SP1; versiones 6 y 7 para Windows XP SP2 y SP3; versiones 6 y versión 7 para Server 2003 SP2; versión 7 para Vista Gold, SP1 y SP2; y versión 7 para Server 2008 SP2 permite a los atacantes remotos ejecutar código arbitrario o realizar otras acciones en una transición de página, con los permisos de la página antigua y el contenido de la página nueva, como es demostrado por las funciones setInterval que configuran el archivo location.href dentro de una expresión try/catch, también se conoce como "bait & switch vulnerability" o "Race Condition Cross-Domain Information Disclosure Vulnerability." • http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0026.html http://lcamtuf.coredump.cx/ierace http://osvdb.org/38497 http://osvdb.org/54944 http://secunia.com/advisories/25564 http://securityreason.com/securityalert/2781 http://securitytracker.com/id?1018192 http://www.kb.cert.org/vuls/id/471361 http://www.securityfocus.com/archive/1/470446/100/0/threaded http://www.securityfocus.com/bid/24283 http://www.us-cert.gov/cas/techalerts/TA09-160A.html http:/ • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •