Page 99 of 625 results (0.063 seconds)

CVSS: 4.3EPSS: 62%CPEs: 1EXPL: 2

The HTML rendering engine in Microsoft Internet Explorer 6.0 allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML in corrupted images and other files such as .GIF, JPG, and WAV, which is rendered as HTML when the user clicks on the link, even though the web server response and file extension indicate that it should be treated as a different file type. • http://marc.info/?l=bugtraq&m=113017003617987&w=2 http://securityreason.com/securityalert/18 http://www.computec.ch/download.php?view.683 http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=1746 http://www.securiteam.com/windowsntfocus/6F00B00EBY.html •

CVSS: 7.5EPSS: 15%CPEs: 3EXPL: 1

Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to obtain information and possibly execute code when browsing from a web site to a web folder view using WebDAV, aka "Web Folder Behaviors Cross-Domain Vulnerability". • https://www.exploit-db.com/exploits/1144 http://secunia.com/advisories/16373 http://www.securityfocus.com/bid/14512 http://www.vupen.com/english/advisories/2005/1353 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-038 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100081 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100082 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg&# •

CVSS: 5.1EPSS: 96%CPEs: 3EXPL: 1

Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, including (1) devenum.dll, (2) diactfrm.dll, (3) wmm2filt.dll, (4) fsusd.dll, (5) dmdskmgr.dll, (6) browsewm.dll, (7) browseui.dll, (8) shell32.dll, (9) mshtml.dll, (10) inetcfg.dll, (11) infosoft.dll, (12) query.dll, (13) syncui.dll, (14) clbcatex.dll, (15) clbcatq.dll, (16) comsvcs.dll, and (17) msconf.dll, which causes memory corruption, aka "COM Object Instantiation Memory Corruption Vulnerability," a different vulnerability than CVE-2005-2087. • https://www.exploit-db.com/exploits/1144 http://secunia.com/advisories/16373 http://securitytracker.com/id?1014643 http://www.kb.cert.org/vuls/id/959049 http://www.securityfocus.com/bid/14511 http://www.us-cert.gov/cas/techalerts/TA05-221A.html http://www.vupen.com/english/advisories/2005/1353 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-038 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100082 https:/& •

CVSS: 5.1EPSS: 91%CPEs: 3EXPL: 2

Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to execute arbitrary code via a web site or an HTML e-mail containing a crafted JPEG image that causes memory corruption, aka "JPEG Image Rendering Memory Corruption Vulnerability". • https://www.exploit-db.com/exploits/25991 https://www.exploit-db.com/exploits/1144 http://secunia.com/advisories/16373 http://www.kb.cert.org/vuls/id/965206 http://www.us-cert.gov/cas/techalerts/TA05-221A.html http://www.vupen.com/english/advisories/2005/1353 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-038 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1140 https://oval.cisecurity.org/repository/search •

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 1

Microsoft MSN Messenger 9.0 and Internet Explorer 6.0 allows remote attackers to cause a denial of service (crash) via an image with an ICC Profile with a large Tag Count. Microsoft MSN Messenger 9.0 e Internet Explorer 6.0 permiten que atacantes remotos causen una denegación de servicio (caída) mediante una imagen con un ICC Profile con un Tag Count grande. • http://www.securityfocus.com/archive/1/405377 http://www.securityfocus.com/bid/14288 •