CVE-2007-3670 – Microsoft Internet Explorer and Mozilla Firefox - URI Handler Command Injection
https://notcve.org/view.php?id=CVE-2007-3670
Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) FirefoxURL or (2) FirefoxHTML URI, which are inserted into the command line that is created when invoking firefox.exe. NOTE: it has been debated as to whether the issue is in Internet Explorer or Firefox. As of 20070711, it is CVE's opinion that IE appears to be failing to properly delimit the URL argument when invoking Firefox, and this issue could arise with other protocol handlers in IE as well. However, Mozilla has stated that it will address the issue with a "defense in depth" fix that will "prevent IE from sending Firefox malicious data."
• https://www.exploit-db.com/exploits/30285
• ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt
• http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0160.html
• http://blog.mozilla.com/security/2007/07/10/security-issue-in-url-protocol-handling-on-windows
• http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
• http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579
• http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2007-3576
https://notcve.org/view.php?id=CVE-2007-3576
** DISPUTED ** Microsoft Internet Explorer 6 executes web script from URIs of arbitrary scheme names ending with the "script" character sequence, using the (1) vbscript: handler for scheme names with 7 through 9 characters, and the (2) javascript: handler for scheme names with 10 or more characters, which might allow remote attackers to bypass certain XSS protection schemes. NOTE: other researchers dispute the significance of this issue, stating "this only works when typed in the address bar."
• http://groups.google.com/group/php-ids/browse_thread/thread/3ec15f69d6b3dba0
• http://ha.ckers.org/blog/20070702/ie60-protocol-guessing
• http://osvdb.org/45813
• http://sla.ckers.org/forum/read.php?2%2C13209%2C13218
• http://www.0x000000.com/?i=375
CVE-2007-3550
https://notcve.org/view.php?id=CVE-2007-3550
** DISPUTED ** Microsoft Internet Explorer 6.0 and 7.0 allows remote attackers to fill Zones with arbitrary domains using certain metacharacters such as wildcards via JavaScript, which results in a denial of service (website suppression and resource consumption), aka "Internet Explorer Zone Domain Specification Dos and Page Suppressing". NOTE: this issue has been disputed by a third party, who states that the zone settings cannot be manipulated.
• http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064326.html
• http://osvdb.org/45814
• http://securityreason.com/securityalert/2855
• http://www.secniche.org/advisory/Internet_Dos_Adv.pdf
• http://www.securityfocus.com/archive/1/472651/100/0/threaded
• http://www.securityfocus.com/archive/1/473662
• http://www.securityfocus.com/archive/1/485536/100/0/threaded
• http://www.securityfocus.com/bid/24744
• https://exchange.xforce.ibmcloud.com/vulnerabilities/35455
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2007-3481
https://notcve.org/view.php?id=CVE-2007-3481
** DISPUTED ** Cross-domain vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to bypass the Same Origin Policy and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute. NOTE: this issue has been disputed by other researchers, citing a variable scoping issue and information about the semantics of document.domain.
• http://osvdb.org/38953
• http://www.0x000000.com/?i=371
• http://www.securityfocus.com/bid/24704
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-3406 – Microsoft Internet Explorer 6 - Local File Access
https://notcve.org/view.php?id=CVE-2007-3406
Multiple absolute path traversal vulnerabilities in Microsoft Internet Explorer 6 on Windows XP SP2 allow remote attackers to access arbitrary local files via the file: URI in the (1) src attribute of a (a) bgsound, (b) input, (c) EMBED, (d) img, or (e) script tag; (2) data attribute of an object tag; (3) value attribute of a param tag; (4) background attribute of a body tag; or (5) the background:url attribute declared in the BODY parameter of a STYLE tag.
• https://www.exploit-db.com/exploits/29619
• http://osvdb.org/45435
• http://www.securityfocus.com/bid/22621
• http://www.xdisclose.com/XD100099.txt