CVSS: 5.0EPSS: 83%CPEs: 3EXPL: 2CVE-2006-3898 – Microsoft Internet Explorer 6 - Internet.HHCtrl Click Denial of Service
https://notcve.org/view.php?id=CVE-2006-3898
Microsoft Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to cause a denial of service (application crash) by calling the Click method of the Internet.HHCtrl.1 ActiveX object before initializing the URL, which triggers a null dereference. Microsoft Internet Explorer 6.0 sobre Windows XP SP2 permite a atacantes remotos provocar denegación de servicio (caida de aplicación) a través de la llamada al método click del objeto ActiveX Internet.HHCtrl.1 anterior a la inicialización de la URL, la cual dispara un referencia a un NULL. • https://www.exploit-db.com/exploits/28256 http://browserfun.blogspot.com/2006/07/mobb-22-internethhctrl-click.html http://www.osvdb.org/27231 http://www.securityfocus.com/bid/19109 http://www.vupen.com/english/advisories/2006/2952 https://exchange.xforce.ibmcloud.com/vulnerabilities/27929 •
CVSS: 5.0EPSS: 96%CPEs: 4EXPL: 2CVE-2006-3897 – Microsoft Internet Explorer 6 - NMSA.ASFSourceMediaDescription Stack Overflow
https://notcve.org/view.php?id=CVE-2006-3897
Stack overflow in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (application crash) by creating an NMSA.ASFSourceMediaDescription.1 ActiveX object with a long dispValue property. Desbordamiento de búfer basado en pila en Microsoft Internet Explorer 6 sobre Windows 2000 permite a atacantes remotos provocar denegación de servicio (caida de aplicación) a través de la creación de un objeto ActiveX NMSA.ASFSourceMediaDescription.1 con una propiedad dispValue. • https://www.exploit-db.com/exploits/28259 http://browserfun.blogspot.com/2006/07/mobb-23-nmsaasfsourcemediadescription.html http://www.osvdb.org/27232 http://www.securityfocus.com/bid/19114 http://www.vupen.com/english/advisories/2006/2953 https://exchange.xforce.ibmcloud.com/vulnerabilities/27930 • CWE-787: Out-of-bounds Write •
CVSS: 2.6EPSS: 5%CPEs: 4EXPL: 3CVE-2006-3729 – Microsoft Internet Explorer 6 - DataSourceControl Denial of Service
https://notcve.org/view.php?id=CVE-2006-3729
DataSourceControl in Internet Explorer 6 on Windows XP SP2 with Office installed allows remote attackers to cause a denial of service (crash) via a large negative integer argument to the getDataMemberName method of a OWC11.DataSourceControl.11 object, which leads to an integer overflow and a null dereference. DataSourceControl en Internet Explorer 6 sobre Windows XP SP2 con Office instalado permite a atacantes remotos provocar denegación de servicio (caida) a través de un argumento entero largo negativo en el método getDataMemberName de un objeto OWC11.DataSourceControl.11, el cual lleva a un desbordamiento de entero y una referencia NULL. • https://www.exploit-db.com/exploits/28244 http://browserfun.blogspot.com/2006/07/mobb-19-datasourcecontrol.html http://www.osvdb.org/27111 http://www.securityfocus.com/bid/19069 http://www.vupen.com/english/advisories/2006/2883 https://exchange.xforce.ibmcloud.com/vulnerabilities/27803 •
CVSS: 9.3EPSS: 97%CPEs: 3EXPL: 7CVE-2006-3730 – Microsoft Internet Explorer - WebViewFolderIcon setSlice()
https://notcve.org/view.php?id=CVE-2006-3730
Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a 0x7fffffff argument to the setSlice method on a WebViewFolderIcon ActiveX object, which leads to an invalid memory copy. Desbordamiento de entero en Microsoft Internet Explorer 6 sobre Windows XP SP2 permite a atacantes remotos provocar denegación de servicio (caida) y ejecutar código de su elección a través deun argumento 0x7fffffff en el método setSlice sobre un objeto ActiveX WebViewFolderIcon, el cual dará lugar a una copia de memoria no válida. • https://www.exploit-db.com/exploits/2458 https://www.exploit-db.com/exploits/2460 https://www.exploit-db.com/exploits/2448 https://www.exploit-db.com/exploits/2440 https://www.exploit-db.com/exploits/16564 http://browserfun.blogspot.com/2006/07/mobb-18-webviewfoldericon-setslice.html http://isc.sans.org/diary.php?storyid=1742 http://riosec.com/msie-setslice-vuln http://secunia.com/advisories/22159 http://securitytracker.com/id?1016941 http://www.kb.cert.org/vuls/ • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.0EPSS: 11%CPEs: 2EXPL: 0CVE-2006-3657
https://notcve.org/view.php?id=CVE-2006-3657
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (stack overflow exception) via a DXImageTransform.Microsoft.Gradient ActiveX object with a long (1) StartColorStr or (2) EndColorStr property. Microsoft Internet Explorer 6 permite a atacantes remotos provocar una denegación de servicio (excepción de desbordamiento de pila) a través del objeto de ActiveX DXImageTransform.Microsoft.Gradient con una propiedad larga (1) StartColorStr o (2) EndColorStr. • http://browserfun.blogspot.com/2006/07/mobb-17-dximagetransformmicrosoftgradi.html http://www.osvdb.org/27109 http://www.securityfocus.com/bid/19029 http://www.vupen.com/english/advisories/2006/2832 https://exchange.xforce.ibmcloud.com/vulnerabilities/27762 •