CVSS: 4.3EPSS: 0%CPEs: 44EXPL: 1CVE-2007-4848
https://notcve.org/view.php?id=CVE-2007-4848
12 Sep 2007 — Microsoft Internet Explorer 4.0 through 7 allows remote attackers to determine the existence of local files that have associated images via a res:// URI in the src property of a JavaScript Image object, as demonstrated by the URI for a bitmap image resource within a (1) .exe or (2) .dll file. Microsoft Internet Explorer 4.0 hasta 7 permite a atacantes remotos determinar la existencia de archivos locales que tienen imágenes asociadas mediante un URI res:// en la propiedad src de un objeto Image de JavaScript... • http://osvdb.org/37638 •
CVSS: 8.8EPSS: 95%CPEs: 5EXPL: 2CVE-2007-4790 – Microsoft Visual FoxPro 6.0 - FPOLE.OCX 6.0.8450.0 Remote (PoC)
https://notcve.org/view.php?id=CVE-2007-4790
10 Sep 2007 — Stack-based buffer overflow in certain ActiveX controls in (1) FPOLE.OCX 6.0.8450.0 and (2) Foxtlib.ocx, as used in the Microsoft Visual FoxPro 6.0 fpole 1.0 Type Library; and Internet Explorer 5.01, 6 SP1 and SP2, and 7; allows remote attackers to execute arbitrary code via a long first argument to the FoxDoCmd function. Desbordamiento de búfer en la región stack de la memoria en ciertos controles ActiveX en las bibliotecas (1) FPOLE. OCX versión 6.0.8450.0 y (2) Foxtlib.ocx, tal y como son usados en Micro... • https://www.exploit-db.com/exploits/4369 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 92%CPEs: 3EXPL: 1CVE-2007-1749 – Microsoft Internet Explorer 5.0.1 - Vector Markup Language 'VGX.dll' Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-1749
14 Aug 2007 — Integer underflow in the CDownloadSink class code in the Vector Markup Language (VML) component (VGX.DLL), as used in Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code via compressed content with an invalid buffer size, which triggers a heap-based buffer overflow. Desbordamiento de entero en CDownloadSink class code en el componente de Lenguaje de Marcado Vectoria (VML) (VGX.DLL), como el utilizado en Internet Explorer 5.01, 6, y 7 permite a atacantes remotos ejecutar código... • https://www.exploit-db.com/exploits/30494 •
CVSS: 9.3EPSS: 95%CPEs: 3EXPL: 1CVE-2007-2216 – Microsoft Internet Explorer 5.0.1 - 'TBLinf32.dll' ActiveX Control Remote Code Execution
https://notcve.org/view.php?id=CVE-2007-2216
14 Aug 2007 — The tblinf32.dll (aka vstlbinf.dll) ActiveX control for Internet Explorer 5.01, 6 SP1, and 7 uses an incorrect IObjectsafety implementation, which allows remote attackers to execute arbitrary code by requesting the HelpString property, involving a crafted DLL file argument to the TypeLibInfoFromFile function, which overwrites the HelpStringDll property to call the DLLGetDocumentation function in another DLL file, aka "ActiveX Object Vulnerability." El control ActiveX de la biblioteca tblinf32.dll (también c... • https://www.exploit-db.com/exploits/30490 • CWE-16: Configuration •
CVSS: 9.3EPSS: 89%CPEs: 3EXPL: 0CVE-2007-3041
https://notcve.org/view.php?id=CVE-2007-3041
14 Aug 2007 — Unspecified vulnerability in the pdwizard.ocx ActiveX object for Internet Explorer 5.01, 6 SP1, and 7 allows remote attackers to execute arbitrary code via unknown vectors related to Microsoft Visual Basic 6 objects and memory corruption, aka "ActiveX Object Memory Corruption Vulnerability." Una vulnerabilidad no especificada en el objeto ActiveX del archivo pdwizard.ocx para Internet Explorer versiones 5.01, 6 SP1 y 7, permite a atacantes remotos ejecutar código arbitrario por medio de vectores de ataque d... • http://secunia.com/advisories/26419 •
CVSS: 10.0EPSS: 1%CPEs: 4EXPL: 0CVE-2007-3341
https://notcve.org/view.php?id=CVE-2007-3341
21 Jun 2007 — Unspecified vulnerability in the FTP implementation in Microsoft Internet Explorer allows remote attackers to "see a valid memory address" via unspecified vectors, a different issue than CVE-2007-0217. Vulnerabilidad sin especificar en la implementación del FTP del Microsoft Internet Explorer permite a atacantes remotos "ver una dirección de memoria válida" a través de vectores sin especificar, vulnerabilidad diferente a la CVE-2007-0217. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=473 •
CVSS: 9.3EPSS: 96%CPEs: 19EXPL: 3CVE-2007-2222 – Microsoft Speech API ActiveX Control (Windows 2000 SP4) - Remote Buffer Overflow (MS07-033)
https://notcve.org/view.php?id=CVE-2007-2222
12 Jun 2007 — Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2) ActiveVoice (Xvoice.dll) speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary code via a crafted ActiveX object that triggers memory corruption, as demonstrated via the ModeName parameter to the FindEngine function in ACTIVEVOICEPROJECTLib.DirectSS. Múltiples desbordamientos de búfer en los controles de voz (1) ActiveListen (en la biblioteca Xlisten.dll) y (2) ActiveVoice (e... • https://www.exploit-db.com/exploits/4065 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 90%CPEs: 19EXPL: 0CVE-2007-0218
https://notcve.org/view.php?id=CVE-2007-0218
12 Jun 2007 — Microsoft Internet Explorer 5.01 and 6 allows remote attackers to execute arbitrary code by instantiating certain COM objects from Urlmon.dll, which triggers memory corruption during a call to the IObjectSafety function. Microsoft Internet Explorer versiones 5.01 y 6 permite a los atacantes remotos ejecutar código arbitrario mediante peticiones de determinados objetos COM desde la biblioteca Urlmon.dll, lo que desencadena corrupción de memoria durante una llamada a la función IObjectSafety. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=542 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 89%CPEs: 19EXPL: 0CVE-2007-1750
https://notcve.org/view.php?id=CVE-2007-1750
12 Jun 2007 — Unspecified vulnerability in Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code via a crafted Cascading Style Sheets (CSS) tag that triggers memory corruption. Vulnerabilidad no especificada en Microsoft Internet Explorer 6 permite a atacantes remotos ejecutar código de su elección mediante una etiqueta de Hoja de Estilo en Cascada (CSS) que dispara una corrupción de memoria. • http://osvdb.org/35349 •
CVSS: 9.8EPSS: 97%CPEs: 9EXPL: 0CVE-2007-1751 – Microsoft Internet Explorer Prototype Dereference Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2007-1751
12 Jun 2007 — Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to access an uninitialized or deleted object, related to prototype variables and table cells, aka "Uninitialized Memory Corruption Vulnerability." Microsoft Internet Explorer versiones 5.01, 6 y 7 permite a los atacantes remotos ejecutar código arbitrario causando que Internet Explorer acceda a un objeto no inicializado o eliminado, relacionado con variables prototipo y celdas de tabla, ... • http://osvdb.org/35351 • CWE-908: Use of Uninitialized Resource •