CVSS: 2.6EPSS: 89%CPEs: 5EXPL: 2CVE-2006-2766 – Microsoft Windows XP/2000/2003 - MHTML URI Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2006-2766
Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet Explorer 6.0 through 6.0 SP2, Windows Explorer, Outlook Express 6, and possibly other programs, allows remote user-assisted attackers to cause a denial of service (application crash) via a long mhtml URI in the URL value in a URL file. • https://www.exploit-db.com/exploits/27930 http://secunia.com/advisories/20384 http://securitytracker.com/id?1016654 http://www.kb.cert.org/vuls/id/891204 http://www.osvdb.org/25949 http://www.securityfocus.com/archive/1/435492/100/0/threaded http://www.securityfocus.com/archive/1/435609/100/0/threaded http://www.securityfocus.com/archive/1/435616/100/0/threaded http://www.securityfocus.com/bid/18198 http://www.us-cert.gov/cas/techalerts/TA06-220A.html http: •
CVSS: 9.3EPSS: 88%CPEs: 2EXPL: 0CVE-2006-2218
https://notcve.org/view.php?id=CVE-2006-2218
Unspecified vulnerability in Internet Explorer 6.0 on Microsoft Windows XP SP2 allows remote attackers to execute arbitrary code via "exceptional conditions" that trigger memory corruption, as demonstrated using an exception handler and nested object tags, a variant of CVE-2006-1992. • http://secunia.com/advisories/19762 http://secunia.com/secunia_research/2006-41/advisory http://securitytracker.com/id?1016291 http://www.kb.cert.org/vuls/id/338828 http://www.osvdb.org/27475 http://www.securityfocus.com/archive/1/437099/100/0/threaded http://www.securityfocus.com/bid/17820 http://www.us-cert.gov/cas/techalerts/TA06-164A.html http://www.vupen.com/english/advisories/2006/2319 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms •
CVSS: 5.1EPSS: 42%CPEs: 23EXPL: 2CVE-2006-2094 – Microsoft Internet Explorer 5.0.1 - Modal Dialog Manipulation
https://notcve.org/view.php?id=CVE-2006-2094
Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking an object or pressing keys that are actually applied to a "Yes" approval for executing the control. • https://www.exploit-db.com/exploits/27744 http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0264.html http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0759.html http://archives.neohapsis.com/archives/vulnwatch/2006-q2/0019.html http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/045589.html http://securitytracker.com/id?1015720 http://student.missouristate.edu/m/matthew007/advisories.asp?adv=2006-02 http://www.osvdb.org/22351 http://www.securityfocus.com&# • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.0EPSS: 5%CPEs: 2EXPL: 0CVE-2006-2056
https://notcve.org/view.php?id=CVE-2006-2056
Argument injection vulnerability in Internet Explorer 6 for Windows XP SP2 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API. • http://ingehenriksen.blogspot.com/2006/04/office-2003-file-attachment-exploit.html http://www.securityfocus.com/archive/1/432009/100/0/threaded http://www.vupen.com/english/advisories/2006/1538 https://exchange.xforce.ibmcloud.com/vulnerabilities/26118 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 2.6EPSS: 96%CPEs: 1EXPL: 3CVE-2006-1992 – Microsoft Internet Explorer 6 - Nested OBJECT Tag Memory Corruption
https://notcve.org/view.php?id=CVE-2006-1992
mshtml.dll 6.00.2900.2873, as used in Microsoft Internet Explorer, allows remote attackers to cause a denial of service (crash) via nested OBJECT tags, which trigger invalid pointer dereferences including NULL dereferences. NOTE: the possibility of code execution was originally theorized, but Microsoft has stated that this issue is non-exploitable. • https://www.exploit-db.com/exploits/27727 http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0616.html http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/045422.html http://secunia.com/advisories/19762 http://securityreason.com/securityalert/781 http://securitytracker.com/id?1016001 http://securitytracker.com/id?1016291 http://www.osvdb.org/27475 http://www.securityfocus.com/archive/1/431796/100/0/threaded http://www.securityfocus.com/bid/17658 http://www • CWE-399: Resource Management Errors •