CVE-2006-3450 – Microsoft Internet Explorer CSS Class Ordering Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2006-3450
Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using the document.getElementByID Javascript function to access crafted Cascading Style Sheet (CSS) elements, and possibly other unspecified vectors involving certain layout positioning combinations in an HTML file. Microsoft Internet Explorer 6 permite a atacantes remotos ejecutar código de su elección usando la función Javascript document.getElementByID para acceder a elementos de Hojas de Estilo en Cascada (CSS) manipulados, y posiblemente otros vectores no especificados relacionados con determinadas combinaciones de posicionamiento en el diseño de un archivo HTML. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific vulnerability exists due to improper handling of CSS class values. Accessing a specially crafted CSS element via document.getElementByID causes a memory corruption eventually leading to code execution. • http://secunia.com/advisories/21396 http://securitytracker.com/id?1016663 http://www.kb.cert.org/vuls/id/119180 http://www.osvdb.org/27855 http://www.securityfocus.com/archive/1/442579/100/0/threaded http://www.securityfocus.com/bid/19312 http://www.us-cert.gov/cas/techalerts/TA06-220A.html http://www.vupen.com/english/advisories/2006/3212 http://www.zerodayinitiative.com/advisories/ZDI-06-027.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/20 • CWE-20: Improper Input Validation •
CVE-2006-3910 – Microsoft Internet Explorer 6 - OVCtl Denial of Service
https://notcve.org/view.php?id=CVE-2006-3910
Internet Explorer 6 on Windows XP SP2, when Outlook is installed, allows remote attackers to cause a denial of service (crash) by calling the NewDefaultItem function of an OVCtl (OVCtl.OVCtl.1) ActiveX object, which triggers a null dereference. Internet Explorer 6 sobre Windows XP SP2, cuando Outlook está instalado, permite a atacantes remotos provocar denegación de servicio (caida) a través de llamadas a la función NewDefaultItem de un objeto OVCtl (OVCtl.OVCtl.1) ActiveXm lo cual dispara una dereferencia null. • https://www.exploit-db.com/exploits/28246 http://browserfun.blogspot.com/2006/07/mobb-20-ovctl-newdefaultitem.html http://www.osvdb.org/27112 http://www.securityfocus.com/bid/19079 http://www.vupen.com/english/advisories/2006/2915 https://exchange.xforce.ibmcloud.com/vulnerabilities/27845 •
CVE-2006-3730 – Microsoft Internet Explorer - WebViewFolderIcon setSlice()
https://notcve.org/view.php?id=CVE-2006-3730
Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a 0x7fffffff argument to the setSlice method on a WebViewFolderIcon ActiveX object, which leads to an invalid memory copy. Desbordamiento de entero en Microsoft Internet Explorer 6 sobre Windows XP SP2 permite a atacantes remotos provocar denegación de servicio (caida) y ejecutar código de su elección a través deun argumento 0x7fffffff en el método setSlice sobre un objeto ActiveX WebViewFolderIcon, el cual dará lugar a una copia de memoria no válida. • https://www.exploit-db.com/exploits/2458 https://www.exploit-db.com/exploits/2460 https://www.exploit-db.com/exploits/2448 https://www.exploit-db.com/exploits/2440 https://www.exploit-db.com/exploits/16564 http://browserfun.blogspot.com/2006/07/mobb-18-webviewfoldericon-setslice.html http://isc.sans.org/diary.php?storyid=1742 http://riosec.com/msie-setslice-vuln http://secunia.com/advisories/22159 http://securitytracker.com/id?1016941 http://www.kb.cert.org/vuls/ • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2006-3513 – Microsoft Internet Explorer 6 - DirectAnimation.DAUserData Denial of Service
https://notcve.org/view.php?id=CVE-2006-3513
danim.dll in Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) by accessing the Data property of a DirectAnimation DAUserData object before it is initialized, which triggers a NULL pointer dereference. danim.dll de Microsoft Internet Explorer 6 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) por acceder a los datos de propiedad de un objeto DirectAnimation DAUserData antes de que sea inicializado, lo cual dispara un puntero a referencia NULL. • https://www.exploit-db.com/exploits/28196 http://browserfun.blogspot.com/2006/07/mobb-9-directanimationdauserdata-data.html http://www.osvdb.org/27013 http://www.securityfocus.com/bid/18902 http://www.vupen.com/english/advisories/2006/2719 https://exchange.xforce.ibmcloud.com/vulnerabilities/27622 •
CVE-2006-3510 – Microsoft Internet Explorer 6 - RDS.DataControl Denial of Service
https://notcve.org/view.php?id=CVE-2006-3510
The Remote Data Service Object (RDS.DataControl) in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (crash) via a series of operations that result in an invalid length calculation when using SysAllocStringLen, then triggers a buffer over-read. The Remote Data Service Object (RDS.DataControl) de Microsoft Internet Explorer 6 en Windows 2000 permite a atacantes remotos provocar una denegación de servicio (caída) a través de series de operaciones que resultan en una longitud de cálculo no válida cuando se utiliza SysAllocStringLen, entonces se dispara una sobre-lectura de búfer. • https://www.exploit-db.com/exploits/28194 http://browserfun.blogspot.com/2006/07/mobb-8-rdsdatacontrol-url.html http://www.osvdb.org/26955 http://www.securityfocus.com/bid/18900 http://www.vupen.com/english/advisories/2006/2718 https://exchange.xforce.ibmcloud.com/vulnerabilities/27621 •