CVSS: 6.8EPSS: 95%CPEs: 3EXPL: 1CVE-2008-2947
https://notcve.org/view.php?id=CVE-2008-2947
Cross-domain vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 7 allows remote attackers to access restricted information from other domains via JavaScript that uses the Object data type for the value of a (1) location or (2) location.href property, related to incorrect determination of the origin of web script, aka "Window Location Property Cross-Domain Vulnerability." NOTE: according to Microsoft, CVE-2008-2948 and CVE-2008-2949 are duplicates of this issue, probably different attack vectors. Vulnerabilidad de dominios cruzados en Microsoft Internet Explorer 6 permite a atacantes remotos acceder a información restringida de otros dominios a través de JavaScript que utiliza tipos de datos Object para el valor de una propiedad (1) location o (2) location.href. • http://blogs.zdnet.com/security/?p=1348 http://marc.info/?l=bugtraq&m=122479227205998&w=2 http://secunia.com/advisories/30857 http://www.kb.cert.org/vuls/id/923508 http://www.ph4nt0m.org-a.googlepages.com/PSTZine_0x02_0x04.txt http://www.securityfocus.com/bid/29960 http://www.securitytracker.com/id?1020382 http://www.us-cert.gov/cas/techalerts/TA08-288A.html http://www.vupen.com/english/advisories/2008/1940/references http://www.vupen.com/english/advisories/ • CWE-284: Improper Access Control •
CVSS: 6.8EPSS: 8%CPEs: 2EXPL: 1CVE-2008-2948 – Microsoft Internet Explorer 7/8 Beta 1 - Frame Location Cross Domain Security Bypass
https://notcve.org/view.php?id=CVE-2008-2948
Cross-domain vulnerability in Microsoft Internet Explorer 7 and 8 allows remote attackers to change the location property of a frame via the Object data type, and use a frame from a different domain to observe domain-independent events, as demonstrated by observing onkeydown events with caballero-listener. NOTE: according to Microsoft, this is a duplicate of CVE-2008-2947, possibly a different attack vector. Una vulnerabilidad de tipo cross-domain en Microsoft Internet Explorer versiones 7 y 8, permite a los atacantes remotos cambiar la propiedad de ubicación de una trama por medio del tipo de dato Object y usar una trama de un dominio diferente para observar eventos independientes del dominio, como se demuestra mediante la observación de eventos onkeydown con caballero-listener. NOTA: según Microsoft, este es un duplicado del CVE-2008-2947, posiblemente un vector de ataque diferente. • https://www.exploit-db.com/exploits/31996 http://blogs.zdnet.com/security/?p=1348 http://secunia.com/advisories/30851 http://sirdarckcat.blogspot.com/2008/05/ghosts-for-ie8-and-ie75730.html http://technet.microsoft.com/en-us/security/cc405107.aspx#EHD http://www.gnucitizen.org/blog/ghost-busters http://www.kb.cert.org/vuls/id/516627 http://www.vupen.com/english/advisories/2008/1941/references •
CVSS: 9.3EPSS: 75%CPEs: 2EXPL: 0CVE-2008-1442 – Microsoft Internet Explorer DOM Object substringData() Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2008-1442
Heap-based buffer overflow in the substringData method in Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code, related to an unspecified manipulation of a DOM object before a call to this method, aka the "HTML Objects Memory Corruption Vulnerability." Desbordamiento de búfer basado en montículo en el método substringData en Microsoft Internet Explorer 6 y 7 permite a atacantes remotos ejecutar código de su elección a través de, lo que esta relacionado con un manipulación no específica de un objeto DOM antes de una llamada a este método, también conocida como "Vulnerabilidad de corrupción de memoria por objetos HTML" This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of various Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the substringData() method when called on a DOM object that has been manipulated in a special way. The attack results in an exploitable heap buffer allowing for code execution under the context of the current user. • http://marc.info/?l=bugtraq&m=121380194923597&w=2 http://secunia.com/advisories/30575 http://securityreason.com/securityalert/3934 http://securitytracker.com/id?1020225 http://www.securityfocus.com/archive/1/493253/100/0/threaded http://www.securityfocus.com/bid/29556 http://www.us-cert.gov/cas/techalerts/TA08-162B.html http://www.vupen.com/english/advisories/2008/1778 http://www.zerodayinitiative.com/advisories/ZDI-08-039 https://docs.microsoft.com/en-us/security-updates&#x • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 12%CPEs: 6EXPL: 0CVE-2008-2540
https://notcve.org/view.php?id=CVE-2008-2540
Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows remote attackers to execute arbitrary code on Windows by leveraging an untrusted search path vulnerability in (a) Internet Explorer 7 on Windows XP or (b) the SearchPath function in Windows XP, Vista, and Server 2003 and 2008, aka a "Carpet Bomb" and a "Blended Threat Elevation of Privilege Vulnerability," a different issue than CVE-2008-1032. NOTE: Apple considers this a vulnerability only because the Microsoft products can load application libraries from the desktop and, as of 20080619, has not covered the issue in an advisory for Mac OS X. Apple Safari en Mac OS X y en versiones anteriores a 3.1.2 en Windows, no apunta al usuario después de descargar un objeto que tiene un tipo de contenido no reconocido, lo que permite a atacantes remotos incluir malware dentro de (1) el directorio Desktop en Windows o (2) el directorio Downloads en Mac OS X, y posteriormente permite a atacantes remotos ejecutar código arbitrario en Windows aprovechando una vulnerabilidad de ruta de búsqueda no confiable en (a) Internet Explorer 7 en Windows XP o (b) la función SearchPath en Windows XP, Vista y Server 2003 y 2008, vulnerabilidad también conocida como "Carpet Bomb" y "Blended Threat Elevation of Privilege Vulnerability", un problema diferente de CVE-2008-1032. NOTA: Apple considera esto como vulnerabilidad solo porque los productos Microsoft pueden cargar bibliotecas de aplicaciones del escritorio y, como 20080619, no ha cubierto el problema en un aviso para Mac OS X. • http://aviv.raffon.net/2008/05/31/SafariPwnsInternetExplorer.aspx http://blogs.zdnet.com/security/?p=1230 http://lists.apple.com/archives/security-announce/2008//Jun/msg00001.html http://secunia.com/advisories/30467 http://securitytracker.com/id?1020150 http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=871138 http://www.dhanjani.com/archives/2008/05/safari_carpet_bomb.html http://www.microsoft.com/technet/se • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 96%CPEs: 3EXPL: 2CVE-2008-2281 – Microsoft Internet Explorer - Print Table of Links Cross-Zone Scripting
https://notcve.org/view.php?id=CVE-2008-2281
Cross-zone scripting vulnerability in the Print Table of Links feature in Internet Explorer 6.0, 7.0, and 8.0b allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via an HTML document with a link containing JavaScript sequences, which are evaluated by a resource script when a user prints this document. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la característica Print Table of Links de Internet Explorer 6.0, 7.0 y 8.0b permite a atacantes remotos asistidos por el usuario inyectar secuencias de comandos web o HTML en la Zona de Máquina Local mediante un documento HTML con un enlace que contiene secuencias JavaScript, que se evalúan por un script de recurso cuando un usuario imprime el documento. • https://www.exploit-db.com/exploits/5619 http://aviv.raffon.net/2008/05/14/InternetExplorerQuotPrintTableOfLinksquotCrossZoneScriptingVulnerability.aspx http://secunia.com/advisories/30141 http://www.securityfocus.com/bid/29217 http://www.vupen.com/english/advisories/2008/1529/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42416 •