CVSS: 2.6EPSS: 5%CPEs: 4EXPL: 3CVE-2006-3729 – Microsoft Internet Explorer 6 - DataSourceControl Denial of Service
https://notcve.org/view.php?id=CVE-2006-3729
DataSourceControl in Internet Explorer 6 on Windows XP SP2 with Office installed allows remote attackers to cause a denial of service (crash) via a large negative integer argument to the getDataMemberName method of a OWC11.DataSourceControl.11 object, which leads to an integer overflow and a null dereference. DataSourceControl en Internet Explorer 6 sobre Windows XP SP2 con Office instalado permite a atacantes remotos provocar denegación de servicio (caida) a través de un argumento entero largo negativo en el método getDataMemberName de un objeto OWC11.DataSourceControl.11, el cual lleva a un desbordamiento de entero y una referencia NULL. • https://www.exploit-db.com/exploits/28244 http://browserfun.blogspot.com/2006/07/mobb-19-datasourcecontrol.html http://www.osvdb.org/27111 http://www.securityfocus.com/bid/19069 http://www.vupen.com/english/advisories/2006/2883 https://exchange.xforce.ibmcloud.com/vulnerabilities/27803 •
CVSS: 9.3EPSS: 97%CPEs: 3EXPL: 7CVE-2006-3730 – Microsoft Internet Explorer - WebViewFolderIcon setSlice()
https://notcve.org/view.php?id=CVE-2006-3730
Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a 0x7fffffff argument to the setSlice method on a WebViewFolderIcon ActiveX object, which leads to an invalid memory copy. Desbordamiento de entero en Microsoft Internet Explorer 6 sobre Windows XP SP2 permite a atacantes remotos provocar denegación de servicio (caida) y ejecutar código de su elección a través deun argumento 0x7fffffff en el método setSlice sobre un objeto ActiveX WebViewFolderIcon, el cual dará lugar a una copia de memoria no válida. • https://www.exploit-db.com/exploits/2458 https://www.exploit-db.com/exploits/2460 https://www.exploit-db.com/exploits/2448 https://www.exploit-db.com/exploits/2440 https://www.exploit-db.com/exploits/16564 http://browserfun.blogspot.com/2006/07/mobb-18-webviewfoldericon-setslice.html http://isc.sans.org/diary.php?storyid=1742 http://riosec.com/msie-setslice-vuln http://secunia.com/advisories/22159 http://securitytracker.com/id?1016941 http://www.kb.cert.org/vuls/ • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.0EPSS: 43%CPEs: 3EXPL: 2CVE-2006-3591 – Microsoft Internet Explorer 6 - TriEditDocument Denial of Service
https://notcve.org/view.php?id=CVE-2006-3591
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) by accessing the URL property of a TriEditDocument.TriEditDocument object before it has been initialized, which triggers a NULL pointer dereference. Microsoft Internet Explorer 6 permite a atacantes remotos provocar denegación de servicio (Caida de aplicación) a través del acceso la propiedad URL de un objeto TriEditDocument.TriEditDocument anterior que ha sido inicializado, el cual dispara una referencia a un puntero NULL. • https://www.exploit-db.com/exploits/28207 http://browserfun.blogspot.com/2006/07/mobb-12-trieditdocument-url.html http://www.osvdb.org/27056 http://www.securityfocus.com/bid/18946 http://www.vupen.com/english/advisories/2006/2765 https://exchange.xforce.ibmcloud.com/vulnerabilities/27675 •
CVSS: 5.0EPSS: 83%CPEs: 3EXPL: 2CVE-2006-3605 – Microsoft Internet Explorer 6 - RevealTrans Denial of Service
https://notcve.org/view.php?id=CVE-2006-3605
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the Transition property on an uninitialized DXImageTransform.Microsoft.RevealTrans.1 ActiveX Object, which triggers a null dereference. Microsoft Internet Explorer 6 permite a atacantes remotos provocar una denegación de servicio (caída) estableciendo la propiedad Transition en un objeto ActiveX DXImageTransform.Microsoft.RevealTrans.1, lo cual provoca una referencia nula. • https://www.exploit-db.com/exploits/28213 http://browserfun.blogspot.com/2006/07/mobb-13-revealtrans-transition.html http://www.osvdb.org/27057 http://www.securityfocus.com/bid/18960 http://www.vupen.com/english/advisories/2006/2793 https://exchange.xforce.ibmcloud.com/vulnerabilities/27713 •
CVSS: 5.0EPSS: 88%CPEs: 9EXPL: 3CVE-2006-3513 – Microsoft Internet Explorer 6 - DirectAnimation.DAUserData Denial of Service
https://notcve.org/view.php?id=CVE-2006-3513
danim.dll in Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) by accessing the Data property of a DirectAnimation DAUserData object before it is initialized, which triggers a NULL pointer dereference. danim.dll de Microsoft Internet Explorer 6 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) por acceder a los datos de propiedad de un objeto DirectAnimation DAUserData antes de que sea inicializado, lo cual dispara un puntero a referencia NULL. • https://www.exploit-db.com/exploits/28196 http://browserfun.blogspot.com/2006/07/mobb-9-directanimationdauserdata-data.html http://www.osvdb.org/27013 http://www.securityfocus.com/bid/18902 http://www.vupen.com/english/advisories/2006/2719 https://exchange.xforce.ibmcloud.com/vulnerabilities/27622 •