Page 96 of 625 results (0.011 seconds)

CVSS: 4.3EPSS: 91%CPEs: 2EXPL: 3

Internet Explorer 6 for Windows XP SP2 and earlier allows remote attackers to spoof the address bar and possibly conduct phishing attacks by re-opening the window to a malicious Shockwave Flash application, then changing the window location back to a trusted URL while the Flash application is still loading. NOTE: this is a different vulnerability than CVE-2006-1192. • https://www.exploit-db.com/exploits/27577 http://secunia.com/Internet_Explorer_Address_Bar_Spoofing_Vulnerability_Test http://secunia.com/advisories/19521 http://securitytracker.com/id?1016291 http://www.securityfocus.com/archive/1/429719/100/0/threaded http://www.securityfocus.com/archive/1/429891/100/0/threaded http://www.securityfocus.com/archive/1/440851/100/100/threaded http://www.securityfocus.com/bid/17404 http://www.vupen.com/english/advisories/2006/1218 http://www. • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 65%CPEs: 3EXPL: 1

Unspecified vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to execute HTA files via unknown vectors. • https://www.exploit-db.com/exploits/1838 http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1415.html http://jeffrey.vanderstad.net/grasshopper http://news.zdnet.com/2100-1009_22-6052396.html?tag=zdfd.newsfeed http://secunia.com/advisories/19378 http://securitytracker.com/id?1015800 http://www.kb.cert.org/vuls/id/434641 http://www.osvdb.org/24095 http://www.securityfocus.com/bid/17181 http://www.us-cert.gov/cas/techalerts/TA06-101A.html http://www.vupen&# •

CVSS: 9.3EPSS: 97%CPEs: 4EXPL: 6

Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer. • https://www.exploit-db.com/exploits/1838 https://www.exploit-db.com/exploits/1628 https://www.exploit-db.com/exploits/1606 https://www.exploit-db.com/exploits/1620 https://www.exploit-db.com/exploits/16578 http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1427.html http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1430.html http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1434.html http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1662. • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.5EPSS: 88%CPEs: 1EXPL: 2

Buffer overflow in the IsComponentInstalled method in Internet Explorer 6.0, when used on Windows 2000 before SP4 or Windows XP before SP1, allows remote attackers to execute arbitrary code via JavaScript that calls IsComponentInstalled with a long first argument. • https://www.exploit-db.com/exploits/16549 http://metasploit.com/projects/Framework/exploits.html#ie_iscomponentinstalled http://www.metasploit.com/projects/Framework/modules/exploits/ie_iscomponentinstalled.pm http://www.securityfocus.com/bid/16870 https://exchange.xforce.ibmcloud.com/vulnerabilities/24923 •

CVSS: 5.0EPSS: 3%CPEs: 66EXPL: 2

jscript.dll in Microsoft Internet Explorer 6.0 SP1 and earlier allows remote attackers to cause a denial of service (application crash) via a Shockwave Flash object that contains ActionScript code that calls VBScript, which in turn calls the Javascript document.write function, which triggers a null dereference. • http://securitytracker.com/id?1015559 http://www.securityfocus.com/archive/1/423675/100/0/threaded http://www.securityfocus.com/archive/1/425422/30/6890/threaded http://www.securityfocus.com/bid/16441 •