CVSS: 5.0EPSS: 17%CPEs: 12EXPL: 3CVE-2006-5162 – Microsoft Internet Explorer 6 - 'Content-Type' Stack Overflow Crash
https://notcve.org/view.php?id=CVE-2006-5162
wininet.dll in Microsoft Internet Explorer 6.0 SP2 and earlier allows remote attackers to cause a denial of service (unhandled exception and crash) via a long Content-Type header, which triggers a stack overflow. wininet.dll en Microsoft Internet Explorer 6.0 SP2 y anteriores permite a atacantes remotos provocar una denegación de servicio (excepción no manejada y caída) mediante una cabecera Content-Type larga, lo cual dispara un desbordamiento de pila. • https://www.exploit-db.com/exploits/2039 http://archives.neohapsis.com/archives/bugtraq/2006-07/0379.html http://securityreason.com/securityalert/1683 http://www.osvdb.org/29129 http://www.securityfocus.com/bid/19092 http://www.vupen.com/english/advisories/2006/2917 https://exchange.xforce.ibmcloud.com/vulnerabilities/27900 •
CVSS: 6.8EPSS: 60%CPEs: 1EXPL: 0CVE-2006-5152
https://notcve.org/view.php?id=CVE-2006-5152
Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL that is returned in a large HTTP 404 error message without an explicit charset, a related issue to CVE-2006-0032. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Microsoft Internet Explorer permite a atacantes remotos inyectar secuencias de comandos o HTML de su elección mediante una URL codificada en UTF-7 que es retornada en un mensaje de error HTTP 404 grande sin un conjunto de caracteres explícito, un asunto relacionado con CVE-2006-0032. • http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0017.html http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0030.html http://www.osvdb.org/31328 http://www.securityfocus.com/archive/1/447509/100/0/threaded http://www.securityfocus.com/archive/1/447516/100/0/threaded http://www.securityfocus.com/archive/1/447574/100/0/threaded •
CVSS: 9.3EPSS: 23%CPEs: 13EXPL: 4CVE-2006-4868 – Microsoft Internet Explorer (Windows XP SP2) - 'VML' Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2006-4868
Stack-based buffer overflow in the Vector Graphics Rendering engine (vgx.dll), as used in Microsoft Outlook and Internet Explorer 6.0 on Windows XP SP2, and possibly other versions, allows remote attackers to execute arbitrary code via a Vector Markup Language (VML) file with a long fill parameter within a rect tag. Desbordamiento de búfer basado en el motor Vector Graphics Rendering (vgx.dll), tal y como se usa en Microsoft Outlook e Internet Explorer 6.0 en Windows XP SP2 y posiblemente otras versiones permite a atacantes remotos ejecutar código de su elección mediante un fichero Vector Markup Language (VML) con un parámetro "fill" largo dentro de una etiqueta "rect". • https://www.exploit-db.com/exploits/2425 https://www.exploit-db.com/exploits/16597 https://www.exploit-db.com/exploits/2426 http://blogs.securiteam.com/index.php/archives/624 http://secunia.com/advisories/21989 http://securitytracker.com/id?1016879 http://sunbeltblog.blogspot.com/2006/09/seen-in-wild-zero-day-exploit-being.html http://support.microsoft.com/kb/925486 http://www.kb.cert.org/vuls/id/416092 http://www.microsoft.com/technet/security/advisory/925568.mspx ht • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 9%CPEs: 3EXPL: 8CVE-2006-4193 – Microsoft Internet Explorer 6 - 'IMSKDIC.dll' Denial of Service
https://notcve.org/view.php?id=CVE-2006-4193
Microsoft Internet Explorer 6.0 SP1 and possibly other versions allows remote attackers to cause a denial of service and possibly execute arbitrary code by instantiating COM objects as ActiveX controls, including (1) imskdic.dll (Microsoft IME), (2) chtskdic.dll (Microsoft IME), and (3) msoe.dll (Outlook), which leads to memory corruption. NOTE: it is not certain whether the issue is in Internet Explorer or the individual DLL files. Microsoft Internet Explorer 6.0 SP1 y posiblemente otras versiones permite a atacantes remotos provocar una denegación de servicio y posiblemente ejecutar código de su elección instanciando objetos COM como controles ActiveX, incluyendo (1) imskdic.dll (Microsoft IME), (2) chtskdic.dll (Microsoft IME), y (3) msoe.dll (Outlook), lo que lleva a una corrupción de memoria. NOTA: no está confirmado si este problema está en Internet Explorer o en los archivos DLL individuales. • https://www.exploit-db.com/exploits/28387 https://www.exploit-db.com/exploits/28389 http://securityreason.com/securityalert/1402 http://www.osvdb.org/29345 http://www.osvdb.org/29346 http://www.osvdb.org/29347 http://www.securityfocus.com/archive/1/443290/100/0/threaded http://www.securityfocus.com/archive/1/443295/100/0/threaded http://www.securityfocus.com/archive/1/443299/100/0/threaded http://www.securityfocus.com/bid/19521 http://www.securityfocus.com/bid •
CVSS: 7.5EPSS: 71%CPEs: 8EXPL: 0CVE-2006-3638
https://notcve.org/view.php?id=CVE-2006-3638
Microsoft Internet Explorer 5.01 and 6 does not properly handle uninitialized COM objects, which allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code, as demonstrated by the Nth function in the DirectAnimation.DATuple ActiveX control, aka "COM Object Instantiation Memory Corruption Vulnerability." Microsoft Internet Explorer 5.01 y 6 no maneja adecuadamente objetos COM no inicializados, lo cual permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria) y posiblemente ejecutar código de su elección, como ha sido demostrado por la función Nth en el control ActiveX DirectAnimation.DATuple, también conocido como "Vulnerabilidad de Corrupción de Memoria en la Instanciación de Objetos COM". • http://secunia.com/advisories/21396 http://securitytracker.com/id?1016663 http://www.kb.cert.org/vuls/id/959049 http://www.osvdb.org/27852 http://www.securityfocus.com/archive/1/442728/100/0/threaded http://www.securityfocus.com/bid/19340 http://www.tippingpoint.com/security/advisories/TSRT-06-09.html http://www.us-cert.gov/cas/techalerts/TA06-220A.html http://www.vupen.com/english/advisories/2006/3212 https://docs.microsoft.com/en-us/security-updates/securitybulletin • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •